RFC Errata
Found 3 records.
Status: Verified (1)
RFC 5961, "Improving TCP's Robustness to Blind In-Window Attacks", August 2010
Note: This RFC has been updated by RFC 9293
Source of RFC: tcpm (wit)
Errata ID: 4845
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Michael Tüxen
Date Reported: 2016-10-27
Verifier Name: Mirja Kühlewind
Date Verified: 2016-10-31
Section 3.2 says:
1) If the RST bit is set and the sequence number is outside the current receive window (SEG.SEQ <= RCV.NXT || SEG.SEQ > RCV.NXT+ RCV.WND), silently drop the segment.
It should say:
1) If the RST bit is set and the sequence number is outside the current receive window (SEG.SEQ < RCV.NXT || SEG.SEQ >= RCV.NXT+ RCV.WND), silently drop the segment.
Notes:
The condition should be the opposite of (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND), which is stated in the second item of the enumeration.
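The boundary cases behind erratum 4845, as an added example (not text from RFC 5961 or from the erratum; all function names are hypothetical). It evaluates the published and corrected forms of item 1 and then applies the three-way RST handling of RFC 5961 Section 3.2. Going beyond the erratum, it uses wrap-safe 32-bit sequence comparison, so the check also holds when the window straddles the 2^32 boundary.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not code from any TCP stack. */
enum rst_action { RST_DROP, RST_RESET, RST_CHALLENGE_ACK };

/* a < b in 32-bit sequence space (serial-number comparison, wrap-safe). */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* "Outside the window" exactly as Section 3.2 item 1 was published:
 * SEG.SEQ <= RCV.NXT || SEG.SEQ > RCV.NXT+RCV.WND */
int outside_published(uint32_t seq, uint32_t nxt, uint32_t wnd)
{
    return !seq_lt(nxt, seq) || seq_lt(nxt + wnd, seq);
}

/* As corrected by erratum 4845:
 * SEG.SEQ < RCV.NXT || SEG.SEQ >= RCV.NXT+RCV.WND */
int outside_corrected(uint32_t seq, uint32_t nxt, uint32_t wnd)
{
    return seq_lt(seq, nxt) || !seq_lt(seq, nxt + wnd);
}

/* RST handling with the corrected item 1. The zero-window special
 * case of RFC 793 is not modelled. */
enum rst_action classify_rst(uint32_t seq, uint32_t nxt, uint32_t wnd)
{
    if (outside_corrected(seq, nxt, wnd))
        return RST_DROP;            /* item 1: silently drop */
    if (seq == nxt)
        return RST_RESET;           /* item 2: exact match resets */
    return RST_CHALLENGE_ACK;       /* item 3: in window, not exact */
}

int main(void)
{
    /* Constructed values: the window straddles the 2^32 wrap. */
    uint32_t nxt = 0xFFFFFFF0u, wnd = 0x20u;
    uint32_t probes[] = { nxt - 1, nxt, nxt + 1, nxt + wnd - 1, nxt + wnd };
    for (unsigned i = 0; i < 5; i++)
        printf("seq=%08x published_outside=%d corrected_outside=%d action=%d\n",
               (unsigned)probes[i], outside_published(probes[i], nxt, wnd),
               outside_corrected(probes[i], nxt, wnd),
               (int)classify_rst(probes[i], nxt, wnd));
    return 0;
}
```

The two forms disagree only at SEG.SEQ == RCV.NXT and SEG.SEQ == RCV.NXT+RCV.WND: the published text would drop an exact-match RST and treat the first sequence number past the window as inside it.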
Status: Held for Document Update (2)
RFC 5961, "Improving TCP's Robustness to Blind In-Window Attacks", August 2010
Note: This RFC has been updated by RFC 9293
Source of RFC: tcpm (wit)
Errata ID: 4772
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Stéphane Bortzmeyer
Date Reported: 2016-08-10
Held for Document Update by: Mirja Kühlewind
Date Held: 2016-09-12
Section 7 says:
[The entire section]
It should say:
No suggested text because it requires a much more serious analysis. Maybe adding that the rate-limit counter SHOULD be per-connection, in the spirit of RFC 6528?
Notes:
It appears the section does not specify that the counter for ACK throttling SHOULD be per-connection. In Linux, it is apparently global, which allowed its use as a side channel enabling nasty attacks (CVE-2016-5696 and the paper "Off-Path TCP Exploits: Global Rate Limit Considered Dangerous" <http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf>).
Also see discussion on tcpm list about this reported errata!
Errata ID: 5068
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Wesley Eddy
Date Reported: 2017-07-12
Held for Document Update by: Martin Duke
Date Held: 2020-04-20
Section 3.2 says:
[RFC0793] currently requires handling of a segment with the RST bit when in a synchronized state to be processed as follows:
It should say:
[RFC0793] currently requires handling of a segment with the RST bit when not in SYN-SENT to be processed as follows:
Notes:
The text in section 3.2 begins by stating a change from RFC 793 for RST bit handling "when in a synchronized state" (which means all states except for LISTEN, SYN-SENT, and SYN-RECEIVED).
Section 3.4 of RFC 793 refers to "all states but SYN-SENT", so the description of RFC 793 is inaccurate.