Date: Wed, 1 Oct 1997 04:58:55 -0700 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: dg@root.com, Don Lewis <Don.Lewis@tsc.tdk.com> Cc: Richard Jones <richard@a42.deep-thought.org>, pst@freebsd.org, hackers@freebsd.org, bugs@freebsd.org Subject: Re: FreeBSD TCP stack and RST processing [subj changed] Message-ID: <199710011158.EAA14360@salsa.gv.tsc.tdk.com> In-Reply-To: David Greenman <dg@root.com> "Re: FreeBSD TCP stack and RST processing [subj changed]" (Oct 1, 4:51am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 1, 4:51am, David Greenman wrote:
} Subject: Re: FreeBSD TCP stack and RST processing [subj changed]
} ----------------------------
} revision 1.52
} date: 1996/10/07 04:32:39; author: pst; state: Exp; lines: +23 -13
} Increase robustness of FreeBSD against high-rate connection attempt
} denial of service attacks.
It sure looks to me like it does the opposite :-(
I'd either back this patch out entirely, or only do the ack check. A third
possibility would be to always call tcp_drop() if TH_RST is set in the
TCPS_SYN_RECEIVED state, no matter if TH_ACK is set or not.
I looked at {Open,Net}BSD and neither of them picked up this change.
--- Truck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710011158.EAA14360>