[14417] in bugtraq
Update: Subtle data corruption of TCP streams
daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Mar 24 18:06:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20000324153836.589F44563D@spike.porcupine.org>
Date: Fri, 24 Mar 2000 10:38:36 -0500
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Apparently, once instance of this data corruption problem is caused
by an unnamed bandwidth management system. It runs as a bridge,
and does not show up in traceroute etc. output. We were able to
estimate its location (at 5 ms round-trip time from one endpoint)
by analyzing packet arrival times.
Until now, this TCP data corruption problem has been observed only
when one of the connection endpoints runs a recent LINUX version.
Sightings have been reported by sites in Germany and in France.
Only recent LINUX versions request the use of timestamp options
that cause the tell-tale patterns of "01 01 08 0a" in TCP packets,
and that end up being regurgitated as ^A^A^H^J data.
I have updated the analysis at ftp://ftp.porcupine.org/pub/debugging/
Wietse
Wietse Venema:
> This note is about a subtle data corruption problem with TCP data
> streams that may bite people as more and more (LINUX) systems are
> sending network traffic with TCP-level options turned on.
>
> Last week, several Postfix users reported mail delivery failures
> because sequences of control characters (for example, ^A^A^H) were
> being inserted into their SMTP connections, resulting in SMTP
> protocol errors and non-delivery of email.
>
> These data corruption problems are not host specific: they are
> observed with both Linux and BSD/OS systems, and with mail sent to
> and/or received from systems running Postfix, Sendmail and qmail.
>
> Over the weekend of March 18, 2000, a few people left tcpdump
> running on their machines, in order to record some of these corrupted
> SMTP sessions. This note is based on an analysis of that data.
