2.6.3. Multiple sockets bindings

Considering TCP servers, there are different case of multiple sockets bindings, that can occur when the first server did not specify SO_EXCLUSIVEADDRUSE and when the second server specifies SO_REUSEADDR is used by the second server

The first case is a serious security problem. This means that if a TCP server is bound to all interfaces, it is later possible to start a TCP server bound to the same port but on a specific interface. The second TCP server will receive all TCP connection segments sent to the IP adress of the specific interface.

As the TCP/IP stack does not implement privileged ports, it is possible to disrupt any TCP servers using this technique.

The second case is not a security problem. The second server will receive TCP connection segments sent to any IP address different from the IP address of the specific interface.

The third case is not a security problem, as the two servers are listening on different specific interfaces.

The fourth case is problematic because two TCP servers are bound to exactly the same local address (same port and same IP address). The MSDN documentation [22] explains that in that case, the behavior is undefined as to which sockets will receive incoming connection requests.

However, it seems that on Windows NT 4.0, the second server will receive packets, which is the worst case because this means that the first server is hijacked. This is what happens with the NeBT driver on Windows NT 4.0 SP6a, as seen earlier.

As a conclusion, it seems important to use the SO_EXCLUSIVEADDRUSE socket option to prevent sockets hijacking.