From owner-freebsd-security Mon Jun 2 22:29:43 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA05729 for security-outgoing; Mon, 2 Jun 1997 22:29:43 -0700 (PDT)
Received: from zibbi.mikom.csir.co.za (zibbi.mikom.csir.co.za [146.64.24.58]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA05720 for ; Mon, 2 Jun 1997 22:29:37 -0700 (PDT)
Received: (from jhay@localhost) by zibbi.mikom.csir.co.za (8.8.5/8.8.5) id HAA03199; Tue, 3 Jun 1997 07:23:20 +0200 (SAT)
From: John Hay
Message-Id: <199706030523.HAA03199@zibbi.mikom.csir.co.za>
Subject: Re: TCP RST Handling in 2.2 (fwd)
In-Reply-To: <199706030324.XAA20211@homeport.org> from Adam Shostack at "Jun 2, 97 11:24:15 pm"
To: adam@homeport.org (Adam Shostack)
Date: Tue, 3 Jun 1997 07:23:20 +0200 (SAT)
Cc: wollman@khavrinen.lcs.mit.edu, darrenr@cyber.com.au, security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > Garrett Wollman wrote:
> | < said:
> |
> | > Currently, not even the SEQ number is verified (for an RST packet) - i.e.
> | > that the ACK does acknowledge the SYN.
> |
> | > I think there is room for improvement in the code. Comments ?
> |
> | Certainly. It might also be worth implementing the three-way RST
> | handshake which has been proposed by some to fill some theoretical
> | gaps in TCP's handling of resets which could (very rarely) result in
> | innocent connections getting reset.
>
> I'd strongly recommend against implementing a non standard
> TCP mod as anything but an option for those who want to play with it.
> Please don't put it in the base code.
>

But if we can get something better than we have now, I would feel a lot
better. Last week we had the case here where TCP connections between
machines would just die at random with a "connection reset by peer" message.
It turned out that there was an old Windows 3.1 box with Trumpet Winsock
v1.0b which sent Reset messages "at random" for connections that had nothing
to do with it, except that it was on the same piece of ethernet coax.

John
--
John Hay -- John.Hay@mikom.csir.co.za
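As an added illustration of the check the quoted message says is missing (this is not FreeBSD code and not code from anyone in this thread), the function below applies the RFC 793 acceptance rules for an incoming RST: in SYN-SENT the segment must carry an ACK equal to ISS+1, and on an established connection its sequence number must fall inside the receive window. A naive acceptor that honours every RST, the behaviour under which stray resets like the Trumpet Winsock ones kill unrelated connections, is shown beside it. The state names, TCB fields and sample segment values are assumptions made for the example.

```python
# Added example, not FreeBSD code: RFC 793 style acceptance test for an RST.
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_lt(a: int, b: int) -> bool:
    """Modular 'a < b' for 32-bit sequence numbers (handles wraparound)."""
    return ((a - b) % MOD) >= (1 << 31)


def seq_le(a: int, b: int) -> bool:
    return a == b or seq_lt(a, b)


@dataclass
class Tcb:
    """Constructed, minimal transmission control block for the example."""
    state: str     # "SYN_SENT" or "ESTABLISHED"
    iss: int       # our initial send sequence number
    rcv_nxt: int   # next sequence number we expect from the peer
    rcv_wnd: int   # current receive window


def rst_acceptable_naive(tcb: Tcb, seq: int, ack: int, flags: set) -> bool:
    """The 'no verification' behaviour: any segment with RST set resets us."""
    return "RST" in flags


def rst_acceptable(tcb: Tcb, seq: int, ack: int, flags: set) -> bool:
    """Return True only if this RST should tear down the connection."""
    if "RST" not in flags:
        return False
    if tcb.state == "SYN_SENT":
        # RFC 793: in SYN-SENT an RST is honoured only if it carries an ACK
        # that acknowledges our SYN, i.e. SEG.ACK == ISS + 1; otherwise drop.
        return "ACK" in flags and ack == (tcb.iss + 1) % MOD
    if tcb.state == "ESTABLISHED":
        # RFC 793: SEG.SEQ must lie in [RCV.NXT, RCV.NXT + RCV.WND).
        # With a zero window only SEG.SEQ == RCV.NXT is acceptable.
        if tcb.rcv_wnd == 0:
            return seq == tcb.rcv_nxt
        upper = (tcb.rcv_nxt + tcb.rcv_wnd) % MOD
        return seq_le(tcb.rcv_nxt, seq) and seq_lt(seq, upper)
    return False  # other states are out of scope for this example
```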