[CCing this to bugtraq to prevent further confusion...]

Don Lewis <Don.Lewisat_private> writes:
>
> On Nov 22, 2:19pm, "Charles M. Hannum" wrote:
> }
> } The changes we've made in NetBSD to deal with the `land' attack are:
> }
> } 1) If a socket in LISTEN state receives a SYN+ACK packet, then send a
> }    RST and drop the packet.

I suppose I was being imprecise here. If we created a TCP control block when replying to a SYN-only packet, then it would be in SYN-RECEIVED state. However, we don't. What we actually find when we do the lookup is the LISTEN socket. If you have a TCP control block for embryonic connections, then you should do the `drop with reset' for either LISTEN or SYN-RECEIVED state.

> I've heard reports of rumors of problems caused by sending SYN+ACK
> packets to LISTENing sockets (and there is supposed to be a note about
> this in "TCP/IP Illustrated Volume 3", which I don't yet have), but in
> what way is the following code inadequate?
> [...]
>         case TCPS_LISTEN: {
> [...]
>                 if (tiflags & TH_ACK)
>                         goto dropwithreset;

The original 4.4BSD (and earlier) code finds a different socket at this point, which is in SYN-RECEIVED state. The above code doesn't handle that case.
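
The point made in the message above, as an added example that is not part of the original post and is not NetBSD or 4.4BSD source: a small model of which socket the lookup returns for a SYN+ACK, and why a check placed only in the LISTEN case misses a stack that keeps a control block for embryonic connections. The enum names, function names and the two stack models are assumptions made for illustration.

```c
/* Added illustration; all names here are hypothetical. */
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

enum tcp_state { ST_LISTEN, ST_SYN_RECEIVED, ST_ESTABLISHED };
enum action { PROCESS, DROP_WITH_RESET };

/* Assumed stack models: does replying to a SYN-only packet create a
 * control block for the embryonic connection? */
enum stack { NO_EMBRYONIC_PCB, EMBRYONIC_PCB };

/* State of the socket the lookup finds when the SYN+ACK arrives. */
enum tcp_state lookup_state(enum stack s)
{
    return s == EMBRYONIC_PCB ? ST_SYN_RECEIVED : ST_LISTEN;
}

/* The quoted check: only the LISTEN case rejects a segment carrying ACK. */
enum action check_listen_only(enum tcp_state st, int tiflags)
{
    if (st == ST_LISTEN && (tiflags & TH_ACK))
        return DROP_WITH_RESET;
    return PROCESS;   /* falls through to normal input processing */
}

/* The check as recommended: reset SYN+ACK in LISTEN or SYN-RECEIVED. */
enum action check_both_states(enum tcp_state st, int tiflags)
{
    int synack = (tiflags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK);
    if (synack && (st == ST_LISTEN || st == ST_SYN_RECEIVED))
        return DROP_WITH_RESET;
    return PROCESS;
}

int main(void)
{
    const char *name[] = { "no embryonic PCB", "embryonic PCB" };
    int flags = TH_SYN | TH_ACK;   /* constructed input: a SYN+ACK segment */
    for (int s = NO_EMBRYONIC_PCB; s <= EMBRYONIC_PCB; s++) {
        enum tcp_state st = lookup_state((enum stack)s);
        printf("%-17s listen-only=%s both-states=%s\n", name[s],
               check_listen_only(st, flags) ? "RST" : "process",
               check_both_states(st, flags) ? "RST" : "process");
    }
    return 0;
}
```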
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:10 PDT