Date: Thu, 22 Apr 2004 03:16:12 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Darren Reed <avalon@caligula.anu.edu.au> Cc: jayanth@yahoo-inc.com Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) Message-ID: <20040422031525.E19921@odysseus.silby.com> In-Reply-To: <200404220628.i3M6SHVJ017187@caligula.anu.edu.au> References: <200404220628.i3M6SHVJ017187@caligula.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Apr 2004, Darren Reed wrote: > > 1. RSTs exactly at last_ack_sent (always accepted) > > To pursue this thought further, if a FIN has been sent or received > (connection has migrated from ESTABLISHED to CLOSE_WAIT or something > else) then receiving an RST at this point should be much less of a > problem, yes ? > > The only drawback is I've seen sessions where there's a last ditch > attempt to get data through even though a FIN has been received. > > Darren Are you suggesting that we use the strict check during the ESTABLISHED phase, and the window-wide check during all other phases? Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040422031525.E19921>