From owner-freebsd-security  Sat Nov 22 12:06:05 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA22822
          for security-outgoing; Sat, 22 Nov 1997 12:06:05 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id MAA22815
          for <security@freebsd.org>; Sat, 22 Nov 1997 12:06:02 -0800 (PST)
          (envelope-from fenner@parc.xerox.com)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <52774(4)>; Sat, 22 Nov 1997 12:05:20 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Sat, 22 Nov 1997 12:05:08 -0800
To: Don Lewis <Don.Lewis@tsc.tdk.com>
cc: Darren Reed <avalon@coombs.anu.edu.au>, jas@flyingfox.com,
        robert@cyrus.watson.org, security@freebsd.org
Subject: Re: new TCP/IP bug in win95 (fwd)g 
In-reply-to: Your message of "Sat, 22 Nov 97 03:25:54 PST."
             <199711221125.DAA17122@salsa.gv.tsc.tdk.com> 
Date: Sat, 22 Nov 1997 12:04:57 PST
From: Bill Fenner <fenner@parc.xerox.com>
Message-Id: <97Nov22.120508pst.177476@crevenia.parc.xerox.com>
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

The one caveat is that it means that an old SYN/ACK from a connection
that was established in the other direction could assassinate a new
connection.  But sequence numbers would have to have wrapped, and TCP
assumes that you don't get old duplicates after the sequence numbers have
wrapped anyway, so I suspect this is safe.

  Bill