Date:      Sun, 17 Dec 2000 16:23:46 -0800
From:      "David Schwartz" <davids@webmaster.com>
To:        "Poul-Henning Kamp" <phk@critter.freebsd.dk>, "Kris Kennaway" <kris@FreeBSD.org>
Cc:        <cvs-all@FreeBSD.org>, <security-officer@FreeBSD.org>
Subject:   RE: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h 
Message-ID:  <NCBBLIEPOCNJOAEKBEAKCEFFMIAA.davids@webmaster.com>
In-Reply-To: <17340.977045052@critter>


> Since we only react to this in "SYN-SENT" I think the window of
> opportunity is rather small in the first place...

	That assumes you don't know exactly when and where a machine is going to
make a particular connection attempt. But there are security-critical tests
wherein the attacker would know this exact information.

	Consider, for example, an ident check. When I connect to you, I know you
are immediately going to make an outbound connection to a particular IP and
port. Similar arguments could be made about NIS. The same goes for proxy
checking. Consider a chat server immediately after a split. I'm sure others
could think of more (and more serious) examples.

	My understanding was that modern operating systems do not follow the RFC in
this respect. They simply store the information and use it to (possibly)
modify the error code they return when/if the connection attempt fails.

	DS
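
The two behaviours contrasted in this message, as an added example that is not part of the original e-mail and is not FreeBSD kernel code: a toy connection in SYN-SENT receives an unauthenticated ICMP unreachable and either aborts at once or only records it as a soft error. All type and function names are hypothetical.

```c
#include <stdio.h>

/* Simplified model for illustration; not FreeBSD code. Names are hypothetical. */
enum state  { SYN_SENT, ESTABLISHED, CLOSED };
enum policy { ABORT_ON_ICMP, STORE_SOFT_ERROR };
enum error  { ERR_NONE, ERR_TIMEDOUT, ERR_HOSTUNREACH };

struct conn {
    enum state state;
    enum error soft_error;  /* last ICMP-reported error, advisory only */
    enum error result;      /* error finally returned to the caller */
};

/* An ICMP unreachable matching this connection arrives (it may be forged). */
static void icmp_unreach(struct conn *c, enum policy p)
{
    if (c->state != SYN_SENT)
        return;                           /* only SYN-SENT reacts at all */
    if (p == ABORT_ON_ICMP) {
        c->state = CLOSED;                /* attempt is torn down immediately */
        c->result = ERR_HOSTUNREACH;
    } else {
        c->soft_error = ERR_HOSTUNREACH;  /* remember it, keep retransmitting */
    }
}

/* The real peer answers the SYN. */
static void syn_ack(struct conn *c)
{
    if (c->state == SYN_SENT) { c->state = ESTABLISHED; c->soft_error = ERR_NONE; }
}

/* The connect timer expires; a stored soft error refines the error code. */
static void connect_timeout(struct conn *c)
{
    if (c->state != SYN_SENT) return;
    c->state = CLOSED;
    c->result = c->soft_error != ERR_NONE ? c->soft_error : ERR_TIMEDOUT;
}

/* ICMP arrives first, then either the genuine SYN-ACK or the timeout. */
static struct conn run(enum policy p, int peer_answers)
{
    struct conn c = { SYN_SENT, ERR_NONE, ERR_NONE };
    icmp_unreach(&c, p);
    if (peer_answers) syn_ack(&c); else connect_timeout(&c);
    return c;
}

int main(void)
{
    for (int p = ABORT_ON_ICMP; p <= STORE_SOFT_ERROR; p++)
        for (int a = 0; a <= 1; a++) {
            struct conn c = run((enum policy)p, a);
            printf("policy=%d peer_answers=%d state=%d result=%d\n", p, a, c.state, c.result);
        }
    return 0;
}
```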


