mycroftat_private (Charles M. Hannum) writes:

> 2) A socket in LISTEN state is not initiating a connection attempt, so
> if it receives a SYN-only packet from itself, it *must* be a
> forgery. A self-connect would cause the socket to no longer be in
> LISTEN state before the SYN-only packet arrives. There's no point
> in sending a RST in this case, since we'd just be sending it to
> ourselves.
>
> (Actually, this change isn't really complete; in theory, if the
> LISTEN socket was bound to INADDR_ANY, then we should check whether
> the source address of the SYN was any of our local addresses, not
> just that it matches the destination. However, a failure to detect
> the attack at this point will merely generate an extra SYN+ACK that
> will be dropped by the first change.)

BTW, on a related note... The FreeBSD hack to `fix' (or not allow) self-connects DOES NOT WORK FOR MULTIHOMED HOSTS. It's still possible to crash a multihomed FreeBSD system by locally running a program that connects a TCP socket to itself.
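The two checks discussed above, modelled as an added Python example that is not code from the post or from any BSD kernel: the partial rule (source address equals the segment's destination) beside the complete rule (source endpoint is one the wildcard listener owns on any local address), run over constructed segments for a multihomed host. The `Segment` and `ListenSocket` types and the 192.0.2.x/198.51.100.x/203.0.113.x addresses are assumptions made for the example.

```python
from dataclasses import dataclass

INADDR_ANY = "0.0.0.0"            # wildcard bind, as in the post
TH_SYN, TH_RST, TH_ACK = 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Segment:                    # assumed minimal TCP/IP header view
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass(frozen=True)
class ListenSocket:               # assumed minimal PCB view
    bound_addr: str               # INADDR_ANY or one specific local address
    port: int
    state: str = "LISTEN"


def _syn_only_to_listener(seg: Segment, sock: ListenSocket) -> bool:
    """Preconditions shared by both rules: LISTEN socket, SYN-only flags, same port on both ends."""
    return (sock.state == "LISTEN"
            and seg.flags & (TH_SYN | TH_ACK | TH_RST) == TH_SYN
            and seg.dport == sock.port and seg.sport == sock.port)


def incomplete_check(seg: Segment, sock: ListenSocket) -> bool:
    """Partial rule from the post: source address must equal the segment's destination."""
    return _syn_only_to_listener(seg, sock) and seg.src == seg.dst


def complete_check(seg: Segment, sock: ListenSocket, local_addrs: frozenset) -> bool:
    """Complete rule: the source endpoint is one this listener owns.

    For INADDR_ANY that is any local address; for a specific bind, that address.
    A match means forgery: drop silently, send no RST (we would only RST ourselves).
    """
    if not _syn_only_to_listener(seg, sock):
        return False
    owned = local_addrs if sock.bound_addr == INADDR_ANY else {sock.bound_addr}
    return seg.src in owned


# Constructed sample: a multihomed host with two addresses and a wildcard listener.
LOCAL = frozenset({"192.0.2.1", "198.51.100.1"})
LISTENER = ListenSocket(INADDR_ANY, 80)
SAME_ADDR = Segment("192.0.2.1", 80, "192.0.2.1", 80, TH_SYN)       # src == dst: both rules catch it
CROSS_ADDR = Segment("198.51.100.1", 80, "192.0.2.1", 80, TH_SYN)   # src is the other local address
REMOTE = Segment("203.0.113.5", 80, "192.0.2.1", 80, TH_SYN)        # ordinary remote client
```

The cross-address segment is exactly the multihomed case the reply complains about: the partial rule passes it to the normal SYN path, while the complete rule drops it.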
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:44 PDT