From owner-freebsd-security Fri Jan 21 21:42:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 3702D155C5 for ; Fri, 21 Jan 2000 21:42:11 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id VAA67508; Fri, 21 Jan 2000 21:42:06 -0800 (PST) (envelope-from dillon) Date: Fri, 21 Jan 2000 21:42:06 -0800 (PST) From: Matthew Dillon Message-Id: <200001220542.VAA67508@apollo.backplane.com> To: Warner Losh Cc: Brett Glass , freebsd-security@FreeBSD.ORG Subject: Re: Some observations on stream.c and streamnt.c References: <4.2.2.20000121210443.01981600@localhost> <4.2.2.20000120194543.019a8d50@localhost> <20000121162757.A7080@osaka.louisville.edu> <4.2.2.20000121195112.0196a220@localhost> <200001220452.VAA17629@harmony.village.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :: during the call. When the user hangs up, your PPP software might want to :: send a bunch of RSTs to shut down the caller's sessions (if it's been :: tracking them). Or just do what a router does, and flag the machine :: as down. : :I'm afraid I don't understand this. If the user disconnects, how can :you send him RSTs? There's no connection. W/o ppp keeping state :information, it can't send them to the other end. Also, it breaks :lots of things. Really bad idea. :.. :Warner User A connects, runs netscape, opens an NNTP connection. User A disconnects (without closing the session). User B connects, gets same IP assignment, runs netscape, opens an NNTP connection. -> same port pair winds up being used -> server returns RST -> client retries and this time makes a (new) connection *** Or, alternatively, User A connects, runs netscape, opens an NNTP connection. User A disconnects (without closing the session). -> server times out, closes the connection User A reconnects, gets same IP address (this is more common if the user has a static IP but some portmasters try to assign the same IP if it wasn't reused). User starts typing in previously openned telnet session. -> server returns an RST. (In this case if the server does not return a RST the user's session does not close immediately and instead freezes up for 2 minutes). *** I can think of other situations, but the static-IP-dialup one (the second one above) is the one I care about the most because users really hate stalled-out telnet sessions. I know I do... if I type something and the connection is dead I want the window to disappear instantly. Similar problems occur when you are running a connection over a shoddy network. One side may timeout and disconnect without the other knowing. Without RST's it takes longer to recognize the failure. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message