Date:      Fri, 07 Jan 2000 23:07:37 -0500 (EST)
From:      Colin <cwass99@home.com>
To:        Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Cc:        hackers@FreeBSD.ORG, Mark Newton <newton@internode.com.au>
Subject:   Re: sppp behaviour
Message-ID:  <XFMail.20000107230737.cwass99@home.com>
In-Reply-To: <20000107171851.A68197@gil.physik.rwth-aachen.de>

On 07-Jan-2000 Christoph Kukulies wrote:
>>  
>> Same as on any other OS:  You get a new IP address when you reestablish
>> your connection to the ISP, so the hosts at the other ends of any active
>> network connections you happened to have open when you dropped your
>> link will be sending their ACKs and data to someone else (who will
>> no doubt start sending RST's, clearing the connections altogether, if
>> anyone is responding on your old address at all).

    This is only true if the connection was gone long enough for your lease
from the DHCP server to expire or the DHCP server is configured to not re-issue
an address requested by a dynamically served host on reconnect.

> But I'm thinking about how this should be accomplished nonetheless
> technically. There are sockets open at both ends and the route gets
> lost in between. Could that be signalled to the process or could the
> subsequent route change be signalled to the connection to change
> the addresses it's bound to?
> 
> What is KeepAlive for in this context?
> 

     Even though there are potentially open sockets at each end, your host has a
new address.  There is no reasonable way to associate the new address with the
old address from the perspective of the other end.  If nothing else, any checks
based on reverse look-ups and such are automatically useless.  The security
implications of a process such as you are describing are more than a little scary
;)  It would take the script-kiddies about 15 minutes to learn how to spoof
such a dynamic route change.
     To avoid this whole situation you'll need some kind of heart-beat across
the connection.  Maybe a short perl script to do a reverse look-up on yourself
at intervals of half the idle timeout period?



----------------------------------
E-Mail: Colin <cwass99@home.com>
Date: 07-Jan-2000
Time: 22:52:36

This message was sent by XFMail
----------------------------------
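
Added example, not part of the original message: in place of the Perl look-up script suggested above, this uses kernel TCP keepalive probes timed to half the link's idle timeout, so a peer that stops answering is signalled to the process as a socket error instead of the connection being rebound to a new address. The helper names and the 10-second / 3-probe values are assumptions, and it assumes Linux or a modern FreeBSD where TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT exist.

```c
/* Added example: TCP keepalive timed to half of a link idle timeout. */
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Hypothetical helper: enable keepalive on fd so the first probe is sent
 * after half of idle_timeout_secs. Returns 0 on success, -1 on error. */
int keepalive_for_idle_timeout(int fd, int idle_timeout_secs)
{
    int on = 1;
    int idle = idle_timeout_secs / 2; /* half the idle timeout */
    int intvl = 10;                   /* constructed: seconds between probes */
    int cnt = 3;                      /* constructed: unanswered probes before drop */

    if (idle < 1)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof(intvl)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof(cnt)) < 0)
        return -1;
    return 0;
}

/* Creates an unconnected TCP socket, applies the settings and reads back
 * the idle time the kernel stored. Returns that value in seconds, or -1. */
int demo_keepidle(int idle_timeout_secs)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int idle = -1;
    socklen_t len = sizeof(idle);

    if (fd < 0)
        return -1;
    if (keepalive_for_idle_timeout(fd, idle_timeout_secs) < 0 ||
        getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, &len) < 0)
        idle = -1;
    close(fd);
    return idle;
}

int main(void)
{
    printf("keepalive idle: %d s\n", demo_keepidle(600));
    return 0;
}
```

On a connected socket, once the probes go unanswered the kernel drops the connection and the next read or write fails with ETIMEDOUT.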

