From owner-freebsd-security Thu Nov 20 14:10:35 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA12746 for security-outgoing; Thu, 20 Nov 1997 14:10:35 -0800 (PST) (envelope-from owner-freebsd-security)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA12735 for ; Thu, 20 Nov 1997 14:10:27 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id RAA19974; Thu, 20 Nov 1997 17:10:07 -0500 (EST)
Date: Thu, 20 Nov 1997 17:14:08 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: Jim Shankland
cc: security@freebsd.org
Subject: Re: new TCP/IP bug in win95 (fwd)
In-Reply-To: <199711202208.OAA29410@biggusdiskus.flyingfox.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 20 Nov 1997, Jim Shankland wrote:

> Interesting. So the TCP stack gets into a lively conversation with
> itself, since the source-address and port are the same as the
> destination address and port.
>
> The obvious fix would appear to be to drop such packets in tcp_input.c
> when the TCP state is TCPS_LISTEN.

As a temporary non-hacking fix, I had planned on just using ipfw to filter out packets from myself. Presumably the ipfw processing occurs before the listen-ness of the arrangement is noticed :).

Maybe, if we haven't already (have not checked), it should be a standard firewall rule that one drop packets from oneself that come from other people. Not sure how one would implement that, though, without netstat -ni'ing or using ifconfig or such, which is kind of a hack.

Robert N Watson
Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org  rwatson@safeport.com  http://www.watson.org/~robert/
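
Added example, not part of the original message and not FreeBSD's tcp_input.c or ipfw code: a stateless C check for the condition discussed in this thread, an IPv4 TCP packet whose source address and port equal its destination address and port. The function name, verdict values and sample packets are constructed for illustration, and the check assumes the packet arrived on a non-loopback interface.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts; not FreeBSD kernel or ipfw identifiers. */
enum verdict { PKT_PASS, PKT_DROP_SELF, PKT_DROP_MALFORMED };

/* Constructed sample: 192.0.2.10:139 -> 192.0.2.10:139, SYN set. */
const uint8_t sample_self[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,10,
    0,139, 0,139, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
/* Constructed sample: 198.51.100.7:49152 -> 192.0.2.10:80, SYN set. */
const uint8_t sample_normal[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 198,51,100,7, 192,0,2,10,
    0xC0,0, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };

/* Read a 16-bit big-endian (network order) field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a raw IPv4 packet received from the network (not loopback). */
enum verdict classify_ipv4_tcp(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PKT_DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* IP header length */
    if (ihl < 20 || len < ihl)
        return PKT_DROP_MALFORMED;
    if (pkt[9] != 6)                             /* protocol is not TCP */
        return PKT_PASS;
    if ((be16(pkt + 6) & 0x1fff) != 0)           /* later fragment: no TCP header */
        return PKT_PASS;
    if (len < ihl + 20)                          /* truncated TCP header */
        return PKT_DROP_MALFORMED;
    const uint8_t *tcp = pkt + ihl;
    int same_addr = memcmp(pkt + 12, pkt + 16, 4) == 0;
    int same_port = be16(tcp) == be16(tcp + 2);
    return (same_addr && same_port) ? PKT_DROP_SELF : PKT_PASS;
}

int main(void)
{
    printf("self-addressed: %d\n", classify_ipv4_tcp(sample_self, sizeof sample_self));
    printf("normal:         %d\n", classify_ipv4_tcp(sample_normal, sizeof sample_normal));
    return 0;
}
```

Unlike the TCPS_LISTEN check proposed in the quoted text, this filter looks at headers only and knows nothing about socket state.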