Developing secure applications is a priority for most developers today; however, socket security is often overlooked but is especially critical. Socket security deals with other processes binding to the same port that an existing application already has a socket bound to. In the past, any process could steal the port that another socket was using which results in a denial of service type attack as the hijacking port would start receiving traffic on the stolen interface(s) and port.

The SO_REUSEADDR option allows a socket to forcefully bind to a port that is already in use by another socket. The second socket simply has to call setsockopt with SO_REUSEADDR and a boolean TRUE value before calling bind. Once the second socket is bound then the behavior for all the sockets bound to the same port is undetermined. That is, in the case all sockets are TCP, it is non-deterministic which socket will receive incoming connection requests. A malicious program could forcefully bind sockets to ports already in use with the SO_REUSEADDR option to deny service. No special privileges are required to use this option. The exception to the non-deterministic behavior is multicast sockets. If two sockets are bound to the same interface and port and are members of the same multicast group, data will be delivered to both sockets.