From owner-freebsd-security Tue Jun 3 00:11:59 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id AAA11985 for security-outgoing; Tue, 3 Jun 1997 00:11:59 -0700 (PDT) Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id AAA11964 for ; Tue, 3 Jun 1997 00:11:52 -0700 (PDT) Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id RAA01953; Tue, 3 Jun 1997 17:11:24 +1000 From: Darren Reed Message-Id: <199706030711.RAA01953@plum.cyber.com.au> Subject: Re: TCP RST Handling in 2.2 (fwd) To: adam@homeport.org (Adam Shostack) Date: Tue, 3 Jun 1997 17:11:24 +1000 (EST) Cc: wollman@khavrinen.lcs.mit.edu, darrenr@cyber.com.au, security@FreeBSD.ORG In-Reply-To: <199706030324.XAA20211@homeport.org> from "Adam Shostack" at Jun 2, 97 11:24:15 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In some mail I received from Adam Shostack, sie wrote > Garrett Wollman wrote: > | < said: > | > | > Currently, not even the SEQ number is verified (for an RST packet) - i.e. > | > that the ACK does acknowledge the SYN. > | > | > I think there is room for improvement in the code. Comments ? > | > | Certainly. It might also be worth implementing the three-way RST > | handshake which has been proposed by some to fill some theoretical > | gaps in TCP's handling of resets which could (very rarely) result in > | innocent connections getting reset. > > I'd strongly recommend against implementing a non standard > TCP mod as anything but an option for those who want to play with it. > Please don't put it in the base code. Ahem. This isn't a "play" thing. It's a bug which needs fixing. Darren