From owner-freebsd-security Fri Jan 21 22:33:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id C42BB1561A for ; Fri, 21 Jan 2000 22:33:33 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id XAA00251; Fri, 21 Jan 2000 23:33:27 -0700 (MST) Message-Id: <4.2.2.20000121233233.01977610@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Fri, 21 Jan 2000 23:33:27 -0700 To: Alfred Perlstein From: Brett Glass Subject: Re: stream.c worst-case kernel paths Cc: security@freebsd.org In-Reply-To: <20000121224924.B3730@fw.wintelcom.net> References: <4.2.2.20000121205951.01a58bb0@localhost> <200001212353.PAA64927@apollo.backplane.com> <7263.948497709@critter.freebsd.dk> <200001212353.PAA64927@apollo.backplane.com> <20000121194609.A19536@fw.wintelcom.net> <4.2.2.20000121205951.01a58bb0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:49 PM 1/21/2000 , Alfred Perlstein wrote: >You're wrong, many combinations of tcp header flags are invalid >depending on the tcp connection's state, as well as other factors >i'm sure exist, but have yet to examine. If we are under attack >and not sending ICMP or RST back then why checksum instead of >just dropping it? Either way it's an invalid packet. Maybe. But the logic for this would be hairy, and you'd need to mop up carefully. I'd like to see how this looked and if it really saved CPU. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message