From owner-freebsd-current Wed Jan 14 11:55:08 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA16097 for current-outgoing; Wed, 14 Jan 1998 11:55:08 -0800 (PST) (envelope-from owner-freebsd-current) Received: from super-g.inch.com ([207.240.140.161]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA16080 for ; Wed, 14 Jan 1998 11:54:52 -0800 (PST) (envelope-from spork@super-g.com) Received: from localhost (localhost [127.0.0.1]) by super-g.inch.com (8.8.8/8.8.5) with SMTP id OAA08270; Wed, 14 Jan 1998 14:54:37 -0500 (EST) Date: Wed, 14 Jan 1998 14:54:37 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: "David M. Holloway" cc: freebsd-current@freebsd.org Subject: Re: LAND attack In-Reply-To: <199801090138.RAA29799@soda.CSUA.Berkeley.EDU> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, This is interesting. We have a machine that is "patched", but seems to still be getting hit by land. It has lots of virtual interfaces. Have you received any feedback on this question? Thanks, Charles Sprickman spork@super-g.com ---- "I'm not a prophet or a stone-age man Just a mortal with potential of a superman I'm living on" -DB On Thu, 8 Jan 1998, David M. Holloway wrote: > Regarding this little addition in tcp_input.c > This doesnt appear to guard against attacks > where the sender and receiver are different > ip address but happen to be the same machine(multi-homed) > > Any comments? > > /* > * Reject attempted self-connects. XXX This actually masks > * a bug elsewhere, since self-connect should work. > * However, a urrently-active DoS attack in the Internet > * sends a phony self-connect request which causes an infinite > * loop. > */ > if (ti->ti_src.s_addr == ti->ti_dst.s_addr > && ti->ti_sport == ti->ti_dport) { > tcpstat.tcps_badsyn++; > goto drop; > } > > /* >