
While trying the simple exploit described here I noticed that it doesn't work on Linux while it works on Windows (tried with several browsers).

Apparently this is because, on Linux, the operating system is faster to reply with an error if you connect a closed port.

Is there an explanation for such a difference? Why is Windows slow?

  • My guess is that Windows waits briefly to see if an application is about to start listening on the port in question. Incidentally, in a real-world scenario I believe that exploit ought to be blocked by basic [anti-rebinding](https://en.wikipedia.org/wiki/DNS_rebinding) measures. – Harry Johnston Sep 04 '18 at 03:36
  • Trace each connection and compare them. Default timeouts could be different. There could be different responses between the OSs, which could lead to a different number of retry attempts or a different protocol. It could even be a DNS delay. – spacenomyous Sep 04 '18 at 13:42
  • @spacenomyous, in this particular situation the DNS name is coming from the hosts file, so that should be essentially instantaneous. And because the traffic is entirely local (127.0.0.1) I would have *expected* to see nothing but the initial `SYN` followed by a `RST` - but it would be worth checking whether something more complicated is going on. – Harry Johnston Sep 05 '18 at 01:38
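A quick way to check the claim on either OS, as an added example that is not code from the question or its comments: the script below times how long the local TCP stack takes to refuse a connection to a closed loopback port, which is exactly the delay the question is about. The helper names, the 5-second timeout and the way a closed port is picked are my own choices.

```python
import socket
import statistics
import sys
import time


def find_closed_port() -> int:
    """Ask the OS for a free ephemeral port, then release it so it is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def time_connect(port: int, timeout: float = 5.0) -> tuple:
    """One TCP connect to 127.0.0.1:port; returns (outcome, seconds elapsed).

    outcome is "refused" (the stack answered the SYN with a RST),
    "timeout" (no reply before the timeout), "connected" (something is
    listening) or "error:<errno>" for anything else.
    """
    start = time.perf_counter()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(("127.0.0.1", port))
            outcome = "connected"
        except ConnectionRefusedError:
            outcome = "refused"
        except socket.timeout:
            outcome = "timeout"
        except OSError as exc:
            outcome = f"error:{exc.errno}"
    return outcome, time.perf_counter() - start


def measure_refusal(port: int, attempts: int = 20) -> dict:
    """Repeat the connect and summarise how long the OS took to refuse it."""
    results = [time_connect(port) for _ in range(attempts)]
    latencies = [secs for _, secs in results]
    return {
        "outcomes": sorted({outcome for outcome, _ in results}),
        "median_ms": statistics.median(latencies) * 1000,
        "max_ms": max(latencies) * 1000,
    }


if __name__ == "__main__":
    # Optional argument: a port you know is closed; otherwise one is picked.
    target = int(sys.argv[1]) if len(sys.argv) > 1 else find_closed_port()
    print(f"{sys.platform}: port {target} -> {measure_refusal(target)}")
```

Run it on both machines and compare `median_ms`; a packet capture on the loopback interface taken at the same time shows whether the extra time is a delayed `RST` or repeated `SYN`s.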

0 Answers