Date: Thu, 20 Nov 1997 12:10:06 -0800 (PST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: freebsd-bugs Subject: kern/5103: FreeBSD kernel lockup from spoofed TCP packet Message-ID: <199711202010.MAA02925@hub.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR kern/5103; it has been noted by GNATS. From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: freebsd-gnats-submit@freebsd.org Cc: Subject: kern/5103: FreeBSD kernel lockup from spoofed TCP packet Date: Thu, 20 Nov 1997 15:08:52 -0500 (EST) <<On Thu, 20 Nov 1997 04:31:21 -0800 (PST), Matt Dillon <dillon@best.net> said: > not sure about this. I hacked our kernels to discard any packet > where ti_src.s_addr == ti_dst.s_addr && ti_sport == ti_dport. I > am hoping this will prevent the attack from looping the code. I added this quick hack to tcp_input.c in rev. 1.66, and changed the PR's state to `serious'. There is still an underlying bug, since self-connect not only should work, but once did. The same hack should be brought into -stable once it is verified to solve the problem (and it certainly should). -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschickhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711202010.MAA02925>