From owner-freebsd-current  Mon Jan 19 11:31:37 1998
Return-Path: <owner-freebsd-current>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA08783
          for current-outgoing; Mon, 19 Jan 1998 11:31:37 -0800 (PST)
          (envelope-from owner-freebsd-current)
Received: from alpha.xerox.com (firewall-user@alpha.Xerox.COM [13.1.64.93])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA08768
          for <freebsd-current@freebsd.org>; Mon, 19 Jan 1998 11:31:24 -0800 (PST)
          (envelope-from fenner@parc.xerox.com)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <52774(3)>; Mon, 19 Jan 1998 11:31:09 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Mon, 19 Jan 1998 11:31:00 -0800
To: spork <spork@super-g.com>
cc: "David M. Holloway" <daveh@csua.berkeley.edu>, freebsd-current@freebsd.org
Subject: Re: LAND attack 
In-reply-to: Your message of "Wed, 14 Jan 98 11:54:37 PST."
             <Pine.BSF.3.96.980114145312.7194B-100000@super-g.inch.com> 
Date: Mon, 19 Jan 1998 11:30:54 PST
From: Bill Fenner <fenner@parc.xerox.com>
Message-Id: <98Jan19.113100pst.177476@crevenia.parc.xerox.com>
Sender: owner-freebsd-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

spork <spork@super-g.com> wrote:
>This is interesting.  We have a machine that is "patched", but seems to
>still be getting hit by land.  It has lots of virtual interfaces.

I haven't yet been able to get a multi-homed machine to "land" using
multiple interfaces, but it's theoretically possible, and I'm the first
to admit that crackers have much more time on their hands than I do.

Can you try the patch at the end of PR #kern/5103 (see
http://www.freebsd.org/cgi/query-pr.cgi?pr=5103) and see if it
helps?  I'm about to commit a slightly modified version of it.

Thanks,
  Bill