The below patch helps to reduce the leakage of internal socket information when a TCP "stealth" scan is directed at a *BSD box by ensuring the window is 0 for all RST packets generated through tcp_respond(). Patch is against NetBSD-1.3G but should apply to others with some fuzz. Cheers, Darren *** tcp_subr.c.orig Sun Aug 2 21:16:42 1998 --- tcp_subr.c Thu Sep 17 22:38:51 1998 *************** *** 214,220 **** struct route *ro = 0; if (tp) { ! win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); ro = &tp->t_inpcb->inp_route; } if (m == 0) { --- 214,221 ---- struct route *ro = 0; if (tp) { ! if (!(flags & TH_RST)) ! win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); ro = &tp->t_inpcb->inp_route; } if (m == 0) { *************** *** 247,253 **** ti->ti_ack = htonl(ack); ti->ti_x2 = 0; if ((flags & TH_SYN) == 0) { ! if (tp) ti->ti_win = htons((u_int16_t) (win >> tp->rcv_scale)); else ti->ti_win = htons((u_int16_t)win); --- 248,254 ---- ti->ti_ack = htonl(ack); ti->ti_x2 = 0; if ((flags & TH_SYN) == 0) { ! if (tp && !(flags & TH_RST)) ti->ti_win = htons((u_int16_t) (win >> tp->rcv_scale)); else ti->ti_win = 0;
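Review bot: In the first hunk (tcp_subr.c, around line 214) the new `if (!(flags & TH_RST))` guard only skips the assignment, so the zero window on a RST depends on `win` being initialised to 0 at its declaration, which lies outside the hunk and should be confirmed. The guard carries no comment, and a later reader could mistake it for a bug and remove it; I would put `/* never advertise so_rcv space in a RST: a non-zero window discloses socket state to a scanner */` above it and brace the inner `if`, since it now sits unbraced inside the braced `if (tp)`. As the description says, this covers only RSTs built by tcp_respond(); whether any other output path can send a RST carrying a live window is not visible here and deserves a separate check.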
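Review bot: In the second hunk (around line 247) the `else` branch now stores a literal `ti->ti_win = 0` for every non-SYN segment where `tp` is null or TH_RST is set, replacing `htons((u_int16_t)win)`. For the null-`tp` case that is equivalent only if `win` is still 0 on that path, which holds as far as the first hunk shows (it is assigned only under `if (tp)`) but again rests on the initialiser outside the hunk. Because the first hunk already keeps `win` at 0 for RSTs, the `!(flags & TH_RST)` test here is redundant; keeping it as defence in depth is reasonable, but say so with a comment such as `/* RST or no tcpcb: always advertise a zero window */` on the `else` branch. The hunk ends on the changed line with no trailing context, so the close of the enclosing `if ((flags & TH_SYN) == 0)` block is not visible here.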