Date:      Thu, 22 Apr 2004 16:28:17 +1000 (Australia/ACT)
From:      Darren Reed <avalon@caligula.anu.edu.au>
To:        silby@silby.com (Mike Silbersack)
Cc:        jayanth@yahoo-inc.com
Subject:   Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Message-ID:  <200404220628.i3M6SHVJ017187@caligula.anu.edu.au>
In-Reply-To: <20040422012305.Y19921@odysseus.silby.com> from "Mike Silbersack" at Apr 22, 2004 01:28:20 AM

In some mail from Mike Silbersack, sie said:
> On Wed, 21 Apr 2004, Don Lewis wrote:
> > On 21 Apr, Mike Silbersack wrote:
> > > Do you have access to a system that exhibits the "RST at end of window"
> > > syndrome so that you could code up and test out this part of the patch?
> >
> > Nope.  The only report of this that I saw was from jayanth.  Judging by
> > the tcpdump timestamps, it looks like whatever this weird piece of
> > hardware was, it was nearby.
> 
> Something just occurred to me... we can just lump the "RST at end of
> window" case into the whole "RST somewhere in the window case".  In that
> way, we only need two cases:
> 
> 1.  RSTs exactly at last_ack_sent (always accepted)

To pursue this thought further, if a FIN has been sent or received
(connection has migrated from ESTABLISHED to CLOSE_WAIT or something
else) then receiving an RST at this point should be much less of a
problem, yes?

The only drawback is I've seen sessions where there's a last ditch
attempt to get data through even though a FIN has been received.

Darren


