Discussion:
[JSch-users] is SO_REUSEADDR risk handled by SSH protocol ?
Danisment Gazi Unal
2014-04-22 07:50:17 UTC
Hello!

I have a fixed port to bind. But I want to rebind this port even if it's in
TIME_WAIT state. So I want to use Socket.setReuseAddress(true).

But when SO_REUSEADDR is enabled, as mentioned at
http://developerweb.net/viewtopic.php?id=2941, there is a risk that a new
connection using the same server, server port, client, client port TCP tuple may
receive a network packet from the old connection. Does the SSH protocol handle this
confusion?

As a result, I am asking whether I can use Socket.setReuseAddress(true) safely
in SSH connections.

thanks.
Danisment Gazi Unal
2014-04-22 13:21:38 UTC
I've found:

*****
Because MACs use a 32-bit sequence number, they might start to leak
information after 2**32 packets have been sent. However, following
the rekeying recommendations should prevent this attack.
.....
the transport protocol provides a
unique session identifier
.....
the authentication
protocol ([SSH-USERAUTH]) uses this to prevent replay of signatures
from previous sessions.
.....
Essentially, a
different sequence number in each packet ensures that at least this
one input to the MAC function will be unique and will provide a
nonrecurring MAC output that is not predictable to an attacker.
*****
Ref: http://www.ietf.org/rfc/rfc4251.txt

For collisions, see the ref. note.

What I understand is that the session identifier and sequence number are used
for data integrity. So any wrong packet that cannot be handled by the TCP layer
will be examined in the SSH layer.

dgü.
Post by Danisment Gazi Unal
Hello!
I have a fixed port to bind. But I want to rebind this port even if it's in
TIME_WAIT state. So I want to use Socket.setReuseAddress(true).
But when SO_REUSEADDR is enabled, as mentioned at
http://developerweb.net/viewtopic.php?id=2941, there is a risk that a new
connection using the same server, server port, client, client port TCP tuple may
receive a network packet from the old connection. Does the SSH protocol handle this
confusion?
As a result, I am asking whether I can use Socket.setReuseAddress(true) safely
in SSH connections.
thanks.
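The RFC 4251 passage quoted above says the per-packet sequence number is an input to the MAC, so a stray packet that belongs to an old TCP connection (or a replay within the current one) fails integrity checking at the SSH layer rather than being silently accepted. The following is an added illustration, not code from JSch or from the thread: it models the RFC 4253 section 6.4 rule `mac = MAC(key, sequence_number || unencrypted_packet)` with hmac-sha1 and shows a receiver rejecting a packet MACed under a previous session's key as well as a replayed packet whose sequence number no longer matches. The session keys and payloads are constructed for the demo; encryption is left out because only the integrity check is being shown.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 20  # hmac-sha1 tag length (RFC 4253 section 6.4)


def ssh_mac(key: bytes, seqno: int, packet: bytes) -> bytes:
    """RFC 4253: mac = MAC(key, sequence_number || unencrypted_packet).
    The sequence number is a uint32 that wraps to zero after 2**32 - 1."""
    return hmac.new(key, struct.pack(">I", seqno & 0xFFFFFFFF) + packet,
                    hashlib.sha1).digest()


class Sender:
    """One direction of an SSH transport: MACs each packet with its own seqno."""

    def __init__(self, integrity_key: bytes) -> None:
        self.key = integrity_key
        self.seqno = 0  # starts at zero for every new session (RFC 4253)

    def send(self, packet: bytes) -> bytes:
        wire = packet + ssh_mac(self.key, self.seqno, packet)
        self.seqno = (self.seqno + 1) & 0xFFFFFFFF
        return wire


class Receiver:
    """Verifies the MAC against the seqno it expects; never trusts the wire."""

    def __init__(self, integrity_key: bytes) -> None:
        self.key = integrity_key
        self.seqno = 0

    def receive(self, wire: bytes):
        packet, tag = wire[:-MAC_LEN], wire[-MAC_LEN:]
        expected = ssh_mac(self.key, self.seqno, packet)
        if not hmac.compare_digest(tag, expected):
            # A real implementation disconnects here (RFC 4253 section 6.4).
            return None
        self.seqno = (self.seqno + 1) & 0xFFFFFFFF
        return packet


def demo():
    """Returns (accepted, stray_from_old_session, accepted, replay_of_same_packet)."""
    old_key = os.urandom(MAC_LEN)  # constructed: old session's integrity key
    new_key = os.urandom(MAC_LEN)  # constructed: new session on the reused tuple

    # A packet that was in flight on the old TCP connection.
    stray = Sender(old_key).send(b"old-session payload")  # constructed payload

    sender, receiver = Sender(new_key), Receiver(new_key)
    first = receiver.receive(sender.send(b"hello"))   # valid: key and seqno match
    stray_result = receiver.receive(stray)             # rejected: wrong key
    second_wire = sender.send(b"second")
    second = receiver.receive(second_wire)             # valid
    replay = receiver.receive(second_wire)             # rejected: seqno moved on
    return first, stray_result, second, replay


if __name__ == "__main__":
    print(demo())
```

The receiver's sequence counter only advances on a verified packet, so a rejected stray packet does not desynchronise the stream; in practice the transport drops the whole connection on a MAC failure, which is the behaviour the thread is asking about.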