From Mark_Andrews@isc.org  Thu Aug 17 23:46:35 2006
Return-Path: <Mark_Andrews@isc.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E85D516A4E2
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 17 Aug 2006 23:46:35 +0000 (UTC)
	(envelope-from Mark_Andrews@isc.org)
Received: from farside.isc.org (farside.isc.org [204.152.187.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D28C043D55
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 17 Aug 2006 23:46:33 +0000 (GMT)
	(envelope-from Mark_Andrews@isc.org)
Received: from drugs.dv.isc.org (localhost.isc.org [IPv6:::1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by farside.isc.org (Postfix) with ESMTP id 2FDE9E6071
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 17 Aug 2006 23:46:32 +0000 (UTC)
	(envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1])
	by drugs.dv.isc.org (8.13.6/8.13.6) with ESMTP id k7HNkTqL034631
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Aug 2006 09:46:29 +1000 (EST)
	(envelope-from marka@drugs.dv.isc.org)
Received: (from marka@localhost)
	by drugs.dv.isc.org (8.13.6/8.13.6/Submit) id k7HNkTwa034630;
	Fri, 18 Aug 2006 09:46:29 +1000 (EST)
	(envelope-from marka)
Message-Id: <200608172346.k7HNkTwa034630@drugs.dv.isc.org>
Date: Fri, 18 Aug 2006 09:46:29 +1000 (EST)
From: Mark Andrews <Mark_Andrews@isc.org>
Reply-To: Mark Andrews <Mark_Andrews@isc.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: login failure: ssh + gssapi + dual stacks + packet loss
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         102205
>Category:       bin
>Synopsis:       kdc(8): login failure: ssh + gssapi + dual stacks + packet loss
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 17 23:50:14 GMT 2006
>Closed-Date:    
>Last-Modified:  Sun Jan 20 04:21:48 UTC 2008
>Originator:     Mark Andrews
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
ISC
>Environment:
System: FreeBSD drugs.dv.isc.org 6.1-STABLE FreeBSD 6.1-STABLE #8: Tue Jul 11 14:48:05 EST 2006 marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386


>Description:
ssh client, ssh server and kdc are dual stack.

If, when talking to the kdc, you loose the reply packet ssh will attempt
to send the same packet to the kdc using the alternate transport.  This
results in a reply attack being reported and the login failing.

09:27:04.370657 2001:470:1f00:820:208:74ff:fe9f:eeae.1798 > 2001:4f8:3:bb::4.88:  [flowlabel 0x670b8]
09:27:05.378122 192.168.191.251.3785 > 204.152.187.4.88: 
09:27:05.551681 204.152.187.4.88 > 192.168.191.251.3785: 

>How-To-Repeat:
Configure a dual stack kdc and configure a firewall to block the
replies from the kdc over IPv6.  Attempt to login using gssapi.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
