Date: Fri, 22 May 2009 00:37:50 +0100
From: Rui Paulo <rpaulo@freebsd.org>
To: David DeSimone <fox@verio.net>
Cc: freebsd-net@freebsd.org
Subject: Re: [PATCH] SYN issue
Message-ID: <7B86B602-BE19-4AD7-9B70-CCC3BFC933A8@freebsd.org>
In-Reply-To: <20090521173725.GB3992@verio.net>
References: <20090519211346.GC675@isilon.com> <20090521173725.GB3992@verio.net>

On 21 May 2009, at 18:37, David DeSimone wrote:

> Zachary Loafman <zachary.loafman@isilon.com> wrote:
>>
>> After correcting the above, any SYN that doesn't exactly match
>> the initial sequence number results in a RST|ACK response and the
>> ESTABLISHED connection being dropped.
>
> Maybe I am jumping to conclusions here, but does this mean that someone
> can spoof a SYN from your IP and source port and force your connection
> to be torn down?

I don't think so. First of all the seq must be on the left of the recv
window, and second, we already do this for the right of the recv window.
I believe this is how the standard defined it to be.

--
Rui Paulo