Re: "LAND" Attack Update

From: Casper Dik (casperat_private)
Date: Sat Nov 22 1997 - 15:12:24 PST

Next message: Bill Fenner: "Re: "LAND" Attack Update"

Previous message: John Bashinski: "Updated notice on Cisco and land.c"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Bill Fenner: "Re: "LAND" Attack Update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>2) A socket in LISTEN state is not initiating a connection attempt, so
>   if it receives a SYN-only packet from itself, it *must* be a
>   forgery.  A self-connect would cause the socket to no longer be in
>   LISTEN state before the SYN-only packet arrives.  There's no point
>   in sending a RST in this case, since we'd just be sending it to
>   ourselves.

I'm not sure that that is the case.  Multiple sockets may be bound to
the same port number.  One of the others bound to the port may
initiate a connection from the same port number.

You need to reply with a SYN_ACK packet and then you'll RST in reply to
that.


Casper

Next message: Bill Fenner: "Re: "LAND" Attack Update"
Previous message: John Bashinski: "Updated notice on Cisco and land.c"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Bill Fenner: "Re: "LAND" Attack Update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:55 PDT