Date: Sun, 23 Nov 1997 00:33:15 PST From: Bill Fenner <fenner@parc.xerox.com> To: freebsd-security@freebsd.org Subject: Re: "LAND" Attack Update (fwd) Message-ID: <97Nov23.003328pst.177476@crevenia.parc.xerox.com> In-Reply-To: Your message of "Sat, 22 Nov 97 18:08:02 PST." <Pine.BSF.3.91.971123130734.235X-100000@panda.hilink.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
After a discussion with Charles, I think that his >1) If a socket in LISTEN state receives a SYN+ACK packet, then send a > RST and drop the packet. is equivalent to Don Lewis's previous suggestion of dropping SYN+ACK in SYN_RECEIVED; NetBSD's SYN-flood protection apparently keeps the socket in LISTEN where in FreeBSD it would be in SYN_RECEIVED. Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97Nov23.003328pst.177476>