From owner-cvs-sys Thu Mar 19 16:44:02 1998
Return-Path:
Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA11473 for cvs-sys-outgoing; Thu, 19 Mar 1998 16:44:02 -0800 (PST) (envelope-from owner-cvs-sys)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA11379; Thu, 19 Mar 1998 16:43:35 -0800 (PST) (envelope-from fenner@FreeBSD.org)
From: Bill Fenner
Received: (from fenner@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id QAA01002; Thu, 19 Mar 1998 16:43:34 -0800 (PST)
Date: Thu, 19 Mar 1998 16:43:34 -0800 (PST)
Message-Id: <199803200043.QAA01002@freefall.freebsd.org>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sys@FreeBSD.ORG
Subject: cvs commit: src/sys/netinet tcp_input.c
Sender: owner-cvs-sys@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

fenner      1998/03/19 16:43:33 PST

  Modified files:
    sys/netinet          tcp_input.c
  Log:
  Remove the check for SYN in SYN_RECEIVED state; it breaks simultaneous
  connect. This check was added as part of the defense against the "land"
  attack, to prevent attacks which guess the ISS from going into
  ESTABLISHED. The "src == dst" check will still prevent the single-homed
  case of the "land" attack, and guessing ISS's should be hard anyway.

  Submitted by: David Borman

  Revision  Changes    Path
  1.71      +4 -10     src/sys/netinet/tcp_input.c
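
The checks discussed in the log message above, as an added example that is not part of the commit mail and is not FreeBSD's tcp_input.c: a reduced C model of the handshake states showing why rejecting every SYN in SYN_RECEIVED refuses the SYN,ACK of a simultaneous connect, and what the "src == dst" test and the ISS-covering ACK still reject. The names `tcp_model_input`, `src_equals_dst`, the struct layouts and the `reject_syn_in_synrcvd` switch are hypothetical, and comparing both address and port for "src == dst" is an assumption.

```c
/* Constructed model of the log message's checks; not FreeBSD's tcp_input.c. */
#include <stdbool.h>
#include <stdint.h>

enum state { LISTEN, SYN_SENT, SYN_RECEIVED, ESTABLISHED };
enum { F_SYN = 0x02, F_ACK = 0x10 };

struct seg {
    uint32_t src, dst;     /* IPv4 addresses */
    uint16_t sport, dport; /* TCP ports */
    uint8_t flags;
    uint32_t ack;          /* acknowledgment number */
};
struct conn {
    enum state st;
    uint32_t iss;               /* our initial send sequence number */
    bool reject_syn_in_synrcvd; /* hypothetical switch: the removed check */
};

/* "src == dst": the segment claims to come from the endpoint it is sent to. */
static bool src_equals_dst(const struct seg *s) {
    return s->src == s->dst && s->sport == s->dport;
}

/* Returns true if the segment is accepted; updates c->st on a transition. */
bool tcp_model_input(struct conn *c, const struct seg *s) {
    bool syn = s->flags & F_SYN, ack = s->flags & F_ACK;
    switch (c->st) {
    case LISTEN:
        if (!syn || ack || src_equals_dst(s))
            return false;
        c->st = SYN_RECEIVED;
        return true;
    case SYN_SENT:
        if (!syn || (ack && s->ack != c->iss + 1))
            return false;
        /* A SYN without ACK is the peer's half of a simultaneous open. */
        c->st = ack ? ESTABLISHED : SYN_RECEIVED;
        return true;
    case SYN_RECEIVED:
        /* The ACK must cover our SYN, so a forger has to guess the ISS. */
        if (!ack || s->ack != c->iss + 1)
            return false;
        if (syn && c->reject_syn_in_synrcvd)
            return false; /* this also rejects the peer's SYN,ACK */
        c->st = ESTABLISHED;
        return true;
    default:
        return true;
    }
}
```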