Date: Thu, 22 Apr 2004 16:28:17 +1000 (Australia/ACT) From: Darren Reed <avalon@caligula.anu.edu.au> To: silby@silby.com (Mike Silbersack) Cc: jayanth@yahoo-inc.com Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) Message-ID: <200404220628.i3M6SHVJ017187@caligula.anu.edu.au> In-Reply-To: <20040422012305.Y19921@odysseus.silby.com> from "Mike Silbersack" at Apr 22, 2004 01:28:20 AM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Mike Silbersack, sie said: > On Wed, 21 Apr 2004, Don Lewis wrote: > > On 21 Apr, Mike Silbersack wrote: > > > Do you have access to a system that exhibits the "RST at end of window" > > > syndrome so that you could code up and test out this part of the patch? > > > > Nope. The only report of this that I saw was from jayanth. Judging by > > the tcpdump timestamps, it looks like whatever this wierd piece of > > hardware was, it was nearby. > > Something just occured to me... we can just lump the "RST at end of > window" case into the whole "RST somewhere in the window case". In that > way, we only need two cases: > > 1. RSTs exactly at last_ack_sent (always accepted) To pursue this thought further, if a FIN has been sent or received (connection has migrated from ESTABLISHED to CLOSE_WAIT or something else) then receiving an RST at this point should be much less of a problem, yes ? The only drawback is I've seen sessions where there's a last ditch attempt to get data through even though a FIN has been received. Darren
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404220628.i3M6SHVJ017187>