From owner-freebsd-security Fri Nov 21 15:08:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA22723 for security-outgoing; Fri, 21 Nov 1997 15:08:46 -0800 (PST) (envelope-from owner-freebsd-security) Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id PAA22713 for ; Fri, 21 Nov 1997 15:08:40 -0800 (PST) (envelope-from fenner@parc.xerox.com) Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <53741(6)>; Fri, 21 Nov 1997 15:08:03 PST Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Fri, 21 Nov 1997 15:07:48 -0800 To: Jim Shankland cc: Don.Lewis@tsc.tdk.com, security@freebsd.org Subject: Re: new TCP/IP bug in win95 (fwd) In-reply-to: Your message of "Fri, 21 Nov 97 09:11:25 PST." <199711211711.JAA04036@biggusdiskus.flyingfox.com> Date: Fri, 21 Nov 1997 15:07:35 PST From: Bill Fenner Message-Id: <97Nov21.150748pst.177476@crevenia.parc.xerox.com> Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Jim Shankland wrote: >I can't think of any case in which it would >be legal or desirable to have a TCP connection with (src-ip, src-port) >equal to (dst-ip, dst-port) It's legal. >so why not just reject such a connection >attempt out of hand in the TCPS_LISTEN state? For one thing, src-ip == dst-ip is not the only situation that will cause this behavior on a multi-homed host; determining if this is an evil packet takes a routing table lookup or an interface table search. It may also be that there's a whole class of problems that this bug is only one symptom of, and finding the right fix rather than the right-now fix could be important in the future. Bill