From: "David DeSimone"
Date: Thu, 21 May 2009 12:37:25 -0500
Subject: Re: [PATCH] SYN issue
Message-ID: <20090521173725.GB3992@verio.net>
In-Reply-To: <20090519211346.GC675@isilon.com>
References: <20090519211346.GC675@isilon.com>
Mail-Followup-To: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

Zachary Loafman wrote:
>
> After correcting the above, any SYN that doesn't exactly match
> the initial sequence number results in a RST|ACK response and the
> ESTABLISHED connection being dropped.

Maybe I am jumping to conclusions here, but does this mean that someone
can spoof a SYN from your IP and source port and force your connection
to be torn down?

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow