From owner-cvs-src@FreeBSD.ORG Sun Apr 25 20:00:24 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1A6F16A4CF for ; Sun, 25 Apr 2004 20:00:24 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 665F143D62 for ; Sun, 25 Apr 2004 20:00:24 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 97290 invoked from network); 26 Apr 2004 03:00:23 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 26 Apr 2004 03:00:23 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sun, 25 Apr 2004 22:43:46 -0500 (CDT) From: Mike Silbersack To: cvs-src@FreeBSD.org In-Reply-To: <200404260256.i3Q2uV18048208@repoman.freebsd.org> Message-ID: <20040425224122.E13069@odysseus.silby.com> References: <200404260256.i3Q2uV18048208@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet tcp_input.c tcp_var.h X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Apr 2004 03:00:25 -0000 On Sun, 25 Apr 2004, Mike Silbersack wrote: > silby 2004/04/25 19:56:31 PDT > > FreeBSD src repository > > Modified files: > sys/netinet tcp_input.c tcp_var.h > Log: > Tighten up reset handling in order to make reset attacks as difficult as > possible while maintaining compatibility with the widest range of TCP stacks. I'm going to let this settle in -current for a little while before MFCing it. Note that we're still vulnerable to reset attacks which use SYN packets, so there's little benefit to a quick MFC anyway. Discussion on how to deal with the SYN reset attack is still ongoing. Mike "Silby" Silbersack