Date: Sun, 23 Nov 1997 12:50:06 +1100
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-ID: <199711230150.RAA10118@hub.freebsd.org>

>From owner-bugtraq@NETSPACE.ORG Sun Nov 23 10:52:48 EDT 1997 remote from cheops
From: "Charles M. Hannum" <mycroft@MIT.EDU>
Reply-To: "Charles M. Hannum" <mycroft@MIT.EDU>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: "LAND" Attack Update
Date: Sat, 22 Nov 1997 14:47:20 -0500
Message-Id: <el267pklnhz.fsf@bikini.ai.mit.edu>
References: <Pine.SUN.3.94.971120151852.17245C-100000@dfw.dfw.net> <el24t54n3dc.fsf@bikini.ai.mit.edu>
In-Reply-To: mycroft@mit.edu's message of 22 Nov 1997 14:19:11 -0500
Approved-By: aleph1@UNDERGROUND.ORG

mycroft@mit.edu (Charles M. Hannum) writes:
>
> 2) A socket in LISTEN state is not initiating a connection attempt, so
>    if it receives a SYN-only packet from itself, it *must* be a
>    forgery.  A self-connect would cause the socket to no longer be in
>    LISTEN state before the SYN-only packet arrives.  There's no point
>    in sending a RST in this case, since we'd just be sending it to
>    ourselves.
>
>    (Actually, this change isn't really complete; in theory, if the
>    LISTEN socket was bound to INADDR_ANY, then we should check whether
>    the source address of the SYN was any of our local addresses, not
>    just that it matches the destination.  However, a failure to detect
>    the attack at this point will merely generate an extra SYN+ACK that
>    will be dropped by the first change.)

BTW, on a related note...  The FreeBSD hack to `fix' (or not allow)
self-connects DOES NOT WORK FOR MULTIHOMED HOSTS.  It's still possible
to crash a multihomed FreeBSD system by locally running a program that
connects a TCP socket to itself.
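
The LISTEN-state check from the quoted text, extended to the INADDR_ANY case its parenthetical describes, as an added C example; it is not code from the message or from any BSD kernel. The `seg` struct, the function names and the sample addresses are hypothetical, and reading "from itself" as same address and same port, and "SYN-only" as SYN without ACK, RST or FIN, are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* TCP flag bits, values as in BSD <netinet/tcp.h>. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((c) << 8) | (d))

/* Hypothetical, simplified inbound segment; fields in host byte order. */
struct seg { uint32_t src, dst; uint16_t sport, dport; uint8_t flags; };

/* Constructed sample: a multihomed host with two documentation addresses. */
static const uint32_t sample_local[] = { IP4(192, 0, 2, 1), IP4(198, 51, 100, 1) };

static int is_local_addr(uint32_t addr, const uint32_t *local, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (local[i] == addr)
            return 1;
    return 0;
}

/* Return 1 if a segment reaching a LISTEN socket is a SYN "from itself" and
 * should be dropped without a RST; 0 means normal LISTEN processing. */
int listen_drop_self_syn(const struct seg *s, int bound_any,
                         const uint32_t *local, size_t n)
{
    /* Assumption: "SYN-only" means SYN set with ACK, RST and FIN clear. */
    if ((s->flags & (TH_SYN | TH_ACK | TH_RST | TH_FIN)) != TH_SYN)
        return 0;
    /* Assumption: "from itself" also means the same port; a local client
     * on another port is an ordinary connection. */
    if (s->sport != s->dport)
        return 0;
    if (s->src == s->dst)           /* source matches destination */
        return 1;
    /* INADDR_ANY listener: any local source address is the socket itself. */
    return bound_any && is_local_addr(s->src, local, n);
}

/* Convenience wrapper: run one segment against the constructed sample host. */
int check_sample(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport,
                 uint8_t flags, int bound_any)
{
    struct seg s = { src, dst, sport, dport, flags };
    return listen_drop_self_syn(&s, bound_any, sample_local,
                                sizeof sample_local / sizeof sample_local[0]);
}
```

With `bound_any` set, a SYN whose source is the host's second address and whose ports match is dropped even though source and destination addresses differ, which is the multihomed case the source-equals-destination comparison alone does not catch.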