From owner-freebsd-current  Thu Jan  8 19:23:02 1998
Return-Path: <owner-freebsd-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA03647
          for current-outgoing; Thu, 8 Jan 1998 19:23:02 -0800 (PST)
          (envelope-from owner-freebsd-current)
Received: from soda.CSUA.Berkeley.EDU (DtJY3dVVaYefW+2AfS1CLCMyVBb1tuPX@soda.CSUA.Berkeley.EDU [128.32.43.52])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA03190
          for <freebsd-current@freebsd.org>; Thu, 8 Jan 1998 19:17:53 -0800 (PST)
          (envelope-from daveh@CSUA.Berkeley.EDU)
Received: from soda.CSUA.Berkeley.EDU (localhost [127.0.0.1]) 
	by soda.CSUA.Berkeley.EDU (8.8.8/) via ESMTP id RAA29799
        for <freebsd-current@freebsd.org>; Thu, 8 Jan 1998 17:38:52 -0800 (PST)
        env-from (daveh@CSUA.Berkeley.EDU)
Message-Id: <199801090138.RAA29799@soda.CSUA.Berkeley.EDU>
To: freebsd-current@freebsd.org
Subject: LAND attack
Date: Thu, 08 Jan 1998 17:38:51 -0800
From: "David M. Holloway" <daveh@CSUA.Berkeley.EDU>
Sender: owner-freebsd-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Regarding this little addition in tcp_input.c
This doesnt appear to guard against attacks
where the sender and receiver are different
ip address but happen to be the same machine(multi-homed)

Any comments?

	/*
	 * Reject attempted self-connects.  XXX This actually masks
	 * a bug elsewhere, since self-connect should work.
	 * However, a urrently-active DoS attack in the Internet
	 * sends a phony self-connect request which causes an infinite
	 * loop.
	 */
	if (ti->ti_src.s_addr == ti->ti_dst.s_addr
	    && ti->ti_sport == ti->ti_dport) {
		tcpstat.tcps_badsyn++;
		goto drop;
	}

	/*