From: Darren Reed
Message-Id: <200404220628.i3M6SHVJ017187@caligula.anu.edu.au>
To: silby@silby.com (Mike Silbersack)
cc: freebsd-security@freebsd.org
cc: jayanth@yahoo-inc.com
Date: Thu, 22 Apr 2004 16:28:17 +1000 (Australia/ACT)
In-Reply-To: <20040422012305.Y19921@odysseus.silby.com> from "Mike Silbersack" at Apr 22, 2004 01:28:20 AM
Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

In some mail from Mike Silbersack, sie said:
>
> On Wed, 21 Apr 2004, Don Lewis wrote:
>
> > On 21 Apr, Mike Silbersack wrote:
> >
> > > Do you have access to a system that exhibits the "RST at end of window"
> > > syndrome so that you could code up and test out this part of the patch?
> >
> > Nope. The only report of this that I saw was from jayanth. Judging by
> > the tcpdump timestamps, it looks like whatever this weird piece of
> > hardware was, it was nearby.
>
> Something just occurred to me... we can just lump the "RST at end of
> window" case into the whole "RST somewhere in the window case". In that
> way, we only need two cases:
>
> 1. RSTs exactly at last_ack_sent (always accepted)

To pursue this thought further, if a FIN has been sent or received
(connection has migrated from ESTABLISHED to CLOSE_WAIT or something
else) then receiving an RST at this point should be much less of a
problem, yes? The only drawback is I've seen sessions where there's
a last ditch attempt to get data through even though a FIN has been
received.

Darren
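
The RST check discussed in this thread, sketched as an added example that is not part of the original message and is not FreeBSD's code. The struct, the function names and the relax_after_fin switch are hypothetical; the challenge-ACK verdict for other in-window RSTs is taken from RFC 5961, not from this message.

```c
#include <stdint.h>
#include <stdbool.h>

/* Verdicts for an incoming RST segment. */
enum rst_verdict { RST_ACCEPT, RST_CHALLENGE_ACK, RST_DROP };

/* Hypothetical, minimal view of the connection state the check needs. */
struct conn {
    uint32_t last_ack_sent; /* last acknowledgement number we sent */
    uint32_t rcv_wnd;       /* receive window we advertised */
    bool     fin_seen;      /* a FIN has been sent or received */
};

/* Sequence-space comparisons that survive 32-bit wraparound. */
static bool seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }
static bool seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }

/*
 * Classify an RST carrying sequence number `seq`.
 * relax_after_fin models the suggestion in the reply above (an assumption,
 * not existing behaviour): once a FIN has been exchanged, any in-window
 * RST is accepted.
 */
enum rst_verdict classify_rst(const struct conn *c, uint32_t seq,
                              bool relax_after_fin)
{
    if (seq == c->last_ack_sent)
        return RST_ACCEPT;              /* case 1: exact match */

    /* Window is [last_ack_sent, last_ack_sent + rcv_wnd), modulo 2^32. */
    bool in_window = seq_geq(seq, c->last_ack_sent) &&
                     seq_lt(seq, c->last_ack_sent + c->rcv_wnd);
    if (!in_window)
        return RST_DROP;                /* guess landed outside the window */

    if (relax_after_fin && c->fin_seen)
        return RST_ACCEPT;              /* teardown already under way */

    return RST_CHALLENGE_ACK;           /* make the real peer confirm */
}
```

With a zero receive window only the exact-match case can be accepted, since the in-window range is empty.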