Date:      Thu, 17 Sep 1998 22:45:49 +1000 (EST)
From:      Darren Reed <darrenr@reed.wattle.id.au>
To:        darrenr@reed.wattle.id.au (Darren Reed)
Subject:   Making "stealth" scans harder.
Message-ID:  <199809171245.WAA03566@avalon.reed.wattle.id.au>



The below patch helps to reduce the leakage of internal socket information
when a TCP "stealth" scan is directed at a *BSD box by ensuring the window
is 0 for all RST packets generated through tcp_respond().  Patch is against
NetBSD-1.3G but should apply to others with some fuzz.

Cheers,
Darren

*** tcp_subr.c.orig	Sun Aug  2 21:16:42 1998
--- tcp_subr.c	Thu Sep 17 22:38:51 1998
***************
*** 214,220 ****
  	struct route *ro = 0;
  
  	if (tp) {
! 		win = sbspace(&tp->t_inpcb->inp_socket->so_rcv);
  		ro = &tp->t_inpcb->inp_route;
  	}
  	if (m == 0) {
--- 214,221 ----
  	struct route *ro = 0;
  
  	if (tp) {
! 		if (!(flags & TH_RST))
! 			win = sbspace(&tp->t_inpcb->inp_socket->so_rcv);
  		ro = &tp->t_inpcb->inp_route;
  	}
  	if (m == 0) {
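
Review bot: the new `if (!(flags & TH_RST))` guard produces a zero window only if `win` still holds 0 when the assignment is skipped, and the declaration of `win` lies outside the lines shown in this hunk. Please confirm it is initialised to 0 where it is declared, or set `win = 0` explicitly on the RST path so the result does not depend on code outside the hunk. Because the second hunk already forces `ti->ti_win = 0` for RST segments, a one-line comment here should say whether this guard protects some other use of `win` or is purely defensive, and why RST segments must not carry the `sbspace()` value.
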
***************
*** 247,253 ****
  	ti->ti_ack = htonl(ack);
  	ti->ti_x2 = 0;
  	if ((flags & TH_SYN) == 0) {
! 		if (tp)
  			ti->ti_win = htons((u_int16_t) (win >> tp->rcv_scale));
  		else
  			ti->ti_win = htons((u_int16_t)win);
--- 248,254 ----
  	ti->ti_ack = htonl(ack);
  	ti->ti_x2 = 0;
  	if ((flags & TH_SYN) == 0) {
! 		if (tp && !(flags & TH_RST))
  			ti->ti_win = htons((u_int16_t) (win >> tp->rcv_scale));
  		else
  			ti->ti_win = 0;
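
Review bot: the rewritten `else` branch now sets `ti->ti_win = 0` for every non-SYN segment sent with `tp == NULL`, not only for RSTs, because it replaces `ti->ti_win = htons((u_int16_t)win);` rather than adding a case. That is behaviour-preserving only if `win` is always 0 when `tp` is null, which these lines do not show. If that is the intent, say so in a comment; otherwise keep the original `else` and add a separate `flags & TH_RST` branch that assigns 0, so the non-RST path is left unchanged.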
