From: Rui Paulo
To: David DeSimone
Cc: freebsd-net@freebsd.org
Date: Fri, 22 May 2009 00:37:50 +0100
Subject: Re: [PATCH] SYN issue
Message-Id: <7B86B602-BE19-4AD7-9B70-CCC3BFC933A8@freebsd.org>
In-Reply-To: <20090521173725.GB3992@verio.net>
References: <20090519211346.GC675@isilon.com> <20090521173725.GB3992@verio.net>

On 21 May 2009, at 18:37, David DeSimone wrote:

> Zachary Loafman wrote:
>>
>> After correcting the above, any SYN that doesn't exactly match
>> the initial sequence number results in a RST|ACK response and the
>> ESTABLISHED connection being dropped.
>
> Maybe I am jumping to conclusions here, but does this mean that someone
> can spoof a SYN from your IP and source port and force your connection
> to be torn down?

I don't think so. First of all the seq must be on the left of the recv
window, and second, we already do this for the right of the recv
window. I believe this is how the standard defined it to be.

--
Rui Paulo