Date: Thu, 19 Mar 1998 16:43:34 -0800 (PST) From: Bill Fenner <fenner@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sys@FreeBSD.ORG Subject: cvs commit: src/sys/netinet tcp_input.c Message-ID: <199803200043.QAA01002@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
fenner 1998/03/19 16:43:33 PST
Modified files:
sys/netinet tcp_input.c
Log:
Remove the check for SYN in SYN_RECEIVED state; it breaks simultaneous
connect. This check was added as part of the defense against the "land"
attack, to prevent attacks which guess the ISS from going into ESTABLISHED.
The "src == dst" check will still prevent the single-homed case of the
"land" attack, and guessing ISS's should be hard anyway.
Submitted by: David Borman <dab@bsdi.com>
Revision Changes Path
1.71 +4 -10 src/sys/netinet/tcp_input.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803200043.QAA01002>