From owner-freebsd-security Sun Nov 23 00:34:21 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.7/8.8.7) id AAA28571
        for security-outgoing; Sun, 23 Nov 1997 00:34:21 -0800 (PST)
        (envelope-from owner-freebsd-security)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
        by hub.freebsd.org (8.8.7/8.8.7) with SMTP id AAA28566
        for ; Sun, 23 Nov 1997 00:34:17 -0800 (PST)
        (envelope-from fenner@parc.xerox.com)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com
        with SMTP id <53593(4)>; Sun, 23 Nov 1997 00:33:39 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP
        id <177476>; Sun, 23 Nov 1997 00:33:28 -0800
To: freebsd-security@freebsd.org
Subject: Re: "LAND" Attack Update (fwd)
In-reply-to: Your message of "Sat, 22 Nov 97 18:08:02 PST."
Date: Sun, 23 Nov 1997 00:33:15 PST
From: Bill Fenner
Message-Id: <97Nov23.003328pst.177476@crevenia.parc.xerox.com>
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

After a discussion with Charles, I think that his

>1) If a socket in LISTEN state receives a SYN+ACK packet, then send a
>   RST and drop the packet.

is equivalent to Don Lewis's previous suggestion of dropping SYN+ACK
in SYN_RECEIVED; NetBSD's SYN-flood protection apparently keeps the
socket in LISTEN where in FreeBSD it would be in SYN_RECEIVED.

  Bill
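
The equivalence described in the message above, as an added example that is not part of the original post and is not FreeBSD or NetBSD source. The enum names, function names and the two stack models are assumptions, simplified from the message's description of which state each stack is in when the SYN+ACK arrives.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02   /* TCP header flag bits (RFC 793) */
#define TH_ACK 0x10

enum tcp_state { ST_LISTEN, ST_SYN_RECEIVED };
enum verdict   { V_PROCESS, V_DROP, V_DROP_WITH_RST };
/* Assumed models of where the endpoint sits after the first SYN. */
enum stack     { STACK_FREEBSD, STACK_NETBSD_SYNPROT };

typedef enum verdict (*rule_fn)(enum tcp_state, uint8_t);

static int is_synack(uint8_t f) { return (f & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK); }

/* Rule 1 as quoted: SYN+ACK arriving in LISTEN -> send RST, drop. */
enum verdict rule_listen(enum tcp_state st, uint8_t f)
{
    return (st == ST_LISTEN && is_synack(f)) ? V_DROP_WITH_RST : V_PROCESS;
}

/* Earlier suggestion as described: drop SYN+ACK arriving in SYN_RECEIVED. */
enum verdict rule_syn_received(enum tcp_state st, uint8_t f)
{
    return (st == ST_SYN_RECEIVED && is_synack(f)) ? V_DROP : V_PROCESS;
}

/* State the endpoint is in once the initial SYN has been accepted. */
enum tcp_state state_after_syn(enum stack s)
{
    return s == STACK_NETBSD_SYNPROT ? ST_LISTEN : ST_SYN_RECEIVED;
}

/* A LAND segment has source == destination, so the host's own SYN+ACK
 * reply is delivered back to the same endpoint. Returns 1 if the rule
 * discards that looped-back reply on the given stack model. */
int land_reply_discarded(enum stack s, rule_fn rule)
{
    return rule(state_after_syn(s), TH_SYN | TH_ACK) != V_PROCESS;
}

int main(void)
{
    printf("NetBSD model, LISTEN rule:        %d\n", land_reply_discarded(STACK_NETBSD_SYNPROT, rule_listen));
    printf("FreeBSD model, SYN_RECEIVED rule: %d\n", land_reply_discarded(STACK_FREEBSD, rule_syn_received));
    printf("FreeBSD model, LISTEN rule:       %d\n", land_reply_discarded(STACK_FREEBSD, rule_listen));
    return 0;
}
```

Each rule only fires in the state its own stack is in when the reply comes back, so a rule keyed on the other stack's state lets the segment through.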