We were having some fun at work with TCP not doing what we expected. Strangely, it looks like (not confirmed) the Linux IP filter considers that a connection in FIN_WAIT_2 isn't covered by "ESTABLISHED" if the connection is going via a router, but is if it's to a machine directly connected. I say "not confirmed" because it wasn't me checking this, and this makes no sense, as what does the IP stack know about routing - that's an Ethernet level thing, surely?
Anyway, as a side effect, it threw up this rather interesting snippet on page 246 of TCP/IP Illustrated: The Protocols:
"To protect against this scenario, RFC 793 states that TCP should not create any connections for MSL seconds after rebooting. This is called the quiet time. Few implementations abide by this, as most hosts take longer than MSL seconds to reboot after a crash."
That's not true any more. Linux developers are working really hard to reduce the boot time. The goal is of the order of 5 seconds. That's much less than the Maximum Segment Lifetime, which RFC 793 sets at 120 seconds (two minutes) but which can be reduced.
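To make the quiet-time argument concrete, here is an added model (not code from the post) of what the rule protects against: a host that reboots faster than MSL may still receive a segment from a connection that existed before the crash, and if the new connection reuses the same 4-tuple and the old sequence number lands inside the new receive window, the stale data is accepted. All timings and sequence numbers are constructed sample values; the window check is RFC 793's acceptability test, simplified to the non-wrapping case.

```python
from dataclasses import dataclass

MSL = 120  # Maximum Segment Lifetime in seconds, the RFC 793 figure quoted above


@dataclass
class Segment:
    seq: int        # first sequence number carried
    length: int     # bytes of data
    sent_at: float  # seconds on a shared clock (constructed for the model)


@dataclass
class Receiver:
    rcv_nxt: int    # next sequence number the new connection expects
    rcv_wnd: int    # advertised receive window


def segment_alive(seg: Segment, now: float) -> bool:
    """A delayed segment can only still be in flight for MSL seconds after it was sent."""
    return now - seg.sent_at < MSL


def acceptable(seg: Segment, rx: Receiver) -> bool:
    """RFC 793 acceptability test: accept if the first or last byte of the
    segment falls inside [RCV.NXT, RCV.NXT + RCV.WND)."""
    lo, hi = rx.rcv_nxt, rx.rcv_nxt + rx.rcv_wnd
    first, last = seg.seq, seg.seq + seg.length - 1
    return lo <= first < hi or lo <= last < hi


def may_open_connection(reboot_at: float, now: float, quiet_time: float = MSL) -> bool:
    """The quiet-time rule: create no connections for MSL seconds after rebooting."""
    return now - reboot_at >= quiet_time


def stale_segment_accepted(seg: Segment, rx: Receiver, reboot_at: float,
                           now: float, honour_quiet_time: bool) -> bool:
    """Would the rebooted stack accept an old segment on a reused 4-tuple?
    With the quiet time honoured there is no connection to deliver it to yet,
    so the segment is discarded; without it, a live in-window segment gets in."""
    if honour_quiet_time and not may_open_connection(reboot_at, now):
        return False
    return segment_alive(seg, now) and acceptable(seg, rx)


if __name__ == "__main__":
    # Constructed scenario: the old peer sent 100 bytes one second before the crash
    # at t=0; the host is back up and accepting connections at t=5.
    old = Segment(seq=1000, length=100, sent_at=-1.0)
    fresh = Receiver(rcv_nxt=980, rcv_wnd=4096)
    for honour in (False, True):
        print(f"quiet time honoured={honour}: stale segment accepted =",
              stale_segment_accepted(old, fresh, reboot_at=0.0, now=5.0, honour_quiet_time=honour))
```

Pushing `now` past 120 seconds shows the other half of the argument: once MSL has elapsed the segment can no longer be alive, so the quiet time is exactly long enough and no longer.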
So, is it exploitable? I wondered what mischief one can make by taking advantage of this...