That code will only work if the receiving host has no daemon listening on that port, you're better off with Alfred's patch. http://www.freebsd.org/~alred/tcp_fix.diff (I think) Omachonu Ogali Intranova Networking Group On Thu, 27 Jan 2000, John Watkins wrote:
> Here is a patch for FreeBSD
>
> --- tcp_input.c.orig Tue Apr 20 15:09:15 1999
> +++ tcp_input.c Fri Jan 21 21:53:00 2000
> @@ -398,12 +398,36 @@
> "Connection attempt to TCP %s:%d from
> %s:%d\n",
> buf, ntohs(ti->ti_dport),
> inet_ntoa(ti->ti_src),
> ntohs(ti->ti_sport));
> - }
> + } else if (tiflags & TH_ACK) {
> + /*
> + * Alpha code in response to stream.c
> + * - Omachonu Ogali
> + */
> + char buf[4*sizeof "123"];
> +
> +#ifdef ICMP_BANDLIM
> + if (badport_bandlim(1) < 0)
> + goto drop;
> +#endif
> +
> + strcpy(buf, inet_ntoa(ti->ti_dst));
> + log(LOG_INFO,
> + "received TCP/ACK to non existant
> connection: %s:%d -> %s:%d\n",
> + inet_ntoa(ti->ti_src), ntohs(ti->ti_sport),
> buf,
> ntohs(ti->ti_dport));
> +
> + /*
> + * Drop without reset to prevent smurf-like tcp
> + * attack
> + */
> +
> + goto drop;
> + } else {
> #ifdef ICMP_BANDLIM
> if (badport_bandlim(1) < 0)
> goto drop;
> #endif
> goto dropwithreset;
> + }
> }
> tp = intotcpcb(inp);
> if (tp == 0)
>
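Review bot: The block that ends at the replaced `}` (the one that logs "Connection attempt to TCP") no longer reaches `goto dropwithreset;`, because that jump now lives only in the final `else`, so after logging, control leaves the chain and continues at `tp = intotcpcb(inp);`. That block's condition and the enclosing `if` start outside the hunk, but if this is the no-matching-PCB path, as the log text suggests, `inp` is null at that point and the next statement reads through it. Keeping the original closing `}` and adding the ACK case as its own `if (tiflags & TH_ACK) { ... goto drop; }` ahead of the unchanged `badport_bandlim(1)` / `goto dropwithreset;` tail would avoid the fall-through. The new `log(LOG_INFO, ...)` is also unconditional, and in a build without `ICMP_BANDLIM` nothing bounds it, so the flood this branch is meant to absorb turns into a syslog flood; it should be gated on the same switch as the existing message or rate-limited. A comment next to `goto drop;` should also record the trade-off that a peer holding a stale connection no longer receives an RST and has to time out.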