(1)  This is not a malware infection; it is a flaw in how the kernel's TCP stack is implemented (exploit)

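(2)  Linux's slip-up this time was caused by letting connections share the ACK counter while implementing what RFC 5961 requires,
     while Windows and FreeBSD were spared this time because they did not fully implement RFC 5961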

     "First of all, neither Windows nor FreeBSD has implemented all three conditions
      that trigger challenge ACKs according to RFC 5961."

     "More importantly, the ACK throttling is not found for Windows or MAC OS X.
     Ironically, not implementing the RFC fully, in fact is safer in this case."

     "Therefore, the Linux kernel has faithfully implemented this feature
      by storing the challenge ACK counter in a global variable shared by all TCP connections.
      This approach, unfortunately, creates an undesirable side channel, as will be elaborated."

     The paper can be found at this year's USENIX Security Symposium:

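     As in the second passage quoted just now, the authors of this paper think the ACK throttle that the RFC recommends implementing is problematic.
     As for whether this is a protocol bug, there is a debate on Hacker News,
     because, as the third passage mentions, in detail it is caused by the Linux kernel letting connections share the same ACK counter.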

= = = = =

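     What is valuable about Linux is that the source code is public; the author of this paper said it was from reading the code stack that he felt there was a problem here.
     As for Linux being attacked over code quality, that is no longer news; there was an earlier EuroSys paper about a scheduler issue.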

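     And the Linux kernel got a patch in very quickly this time:
     As for whether the IT staff that companies hire have the time or are in the mood to follow Security Advisories and update,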

     TCP SYN flood, for instance, is one example
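
The shared counter described in the quoted third passage, as an added example that is not from the post, the paper or the kernel source: a toy model of challenge ACK throttling within one rate-limit interval, comparing one counter shared by every connection with one counter per connection. The limit of 100 per interval, the two-connection setup and all names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT 100   /* assumed challenge ACK budget per interval */
#define NCONN 2     /* constructed setup: conn 0 = observer, conn 1 = other */

enum mode { SHARED, PER_CONN };

struct limiter {
    enum mode mode;
    unsigned shared_count;        /* one counter for every connection */
    unsigned conn_count[NCONN];   /* alternative: one counter per connection */
};

static void limiter_reset(struct limiter *l, enum mode m)
{
    memset(l, 0, sizeof *l);
    l->mode = m;
}

/* Returns 1 if a challenge ACK is sent on `conn`, 0 if it is throttled. */
static int challenge_ack(struct limiter *l, int conn)
{
    unsigned *c = (l->mode == SHARED) ? &l->shared_count
                                      : &l->conn_count[conn];
    if (*c >= LIMIT)
        return 0;
    (*c)++;
    return 1;
}

/* In one interval, conn 1 triggers `other` challenge ACKs, then conn 0
 * triggers LIMIT of them. Returns how many conn 0 actually receives. */
static unsigned observed_on_conn0(enum mode m, unsigned other)
{
    struct limiter l;
    unsigned i, got = 0;

    limiter_reset(&l, m);
    for (i = 0; i < other; i++)
        challenge_ack(&l, 1);
    for (i = 0; i < LIMIT; i++)
        got += challenge_ack(&l, 0);
    return got;
}

int main(void)
{
    printf("shared:   %u vs %u\n", observed_on_conn0(SHARED, 0), observed_on_conn0(SHARED, 1));
    printf("per-conn: %u vs %u\n", observed_on_conn0(PER_CONN, 0), observed_on_conn0(PER_CONN, 1));
    return 0;
}
```

With the shared counter, what connection 0 sees depends on activity on connection 1, which is the side channel; with per-connection counters the count on connection 0 stays the same.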


