From owner-freebsd-security Fri Jan 21 7:31:59 2000
Message-Id: <200001211531.HAA13140@salsa.gv.tsc.tdk.com>
From: gdonl@tsc.tdk.com (Don Lewis)
Date: Fri, 21 Jan 2000 07:31:48 -0800
In-Reply-To: Brett Glass "stream.c worst-case kernel paths" (Jan 20, 8:17pm)
To: Brett Glass, security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths

On Jan 20, 8:17pm, Brett Glass wrote:
} Subject: stream.c worst-case kernel paths

} This suggests that restricting RSTs will help with the DoS. (Does anyone know if
} not sending an RST violates any RFCs if there was never a connection?)

Yes, it's a violation. If there is a TCP connection to a host that crashes and reboots and that host doesn't send RST packets in response to packets belonging to the old connection, its peer won't be notified that the connection is no longer valid. Doing this also means that the host will not make any attempt to tear down a spoofed TCP connection using its IP address.
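An added example, not part of the original message and not FreeBSD's code: the RFC 793 reset rule for a segment that matches no connection (the case the reply describes, where a rebooted host must tell its peer the old connection is gone), combined with a per-second cap as one way of "restricting RSTs". The names `closed_state_reply`, `rst_limit` and the cap value are hypothetical; sequence numbers in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

struct seg { uint32_t seq, ack; uint8_t flags; uint32_t len; /* payload bytes */ };

/* Hypothetical limiter (assumption): at most `max` RSTs per one-second window. */
struct rst_limit { uint32_t window_start, sent, max; };

static bool rst_allowed(struct rst_limit *rl, uint32_t now_sec)
{
    if (now_sec != rl->window_start) { rl->window_start = now_sec; rl->sent = 0; }
    if (rl->sent >= rl->max)
        return false;               /* over budget: the peer gets no notification */
    rl->sent++;
    return true;
}

/* RFC 793, CLOSED state: reply to a segment with no matching connection.
 * Returns true and fills *out when an RST should be sent. */
bool closed_state_reply(const struct seg *in, struct rst_limit *rl,
                        uint32_t now_sec, struct seg *out)
{
    if (in->flags & TH_RST)
        return false;               /* an RST is never answered with an RST */
    if (!rst_allowed(rl, now_sec))
        return false;
    out->len = 0;
    if (in->flags & TH_ACK) {       /* <SEQ=SEG.ACK><CTL=RST> */
        out->seq = in->ack; out->ack = 0; out->flags = TH_RST;
    } else {                        /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> */
        uint32_t seglen = in->len + !!(in->flags & TH_SYN) + !!(in->flags & TH_FIN);
        out->seq = 0; out->ack = in->seq + seglen; out->flags = TH_RST | TH_ACK;
    }
    return true;
}

int main(void)
{
    struct rst_limit rl = { 0, 0, 2 };              /* constructed cap: 2 RSTs/sec */
    struct seg stale = { 1000, 5000, TH_ACK, 10 };  /* data from a pre-reboot connection */
    struct seg out;
    for (int i = 0; i < 3; i++)     /* the third segment in the same second goes unanswered */
        printf("segment %d: %s\n", i, closed_state_reply(&stale, &rl, 1, &out) ? "RST" : "silent");
    return 0;
}
```

Once the cap is reached, a legitimate peer holding a stale connection stays unnotified until it retransmits in a later window.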