Date: Mon, 16 Jul 2001 14:51:35 -0400 From: Niels Provos <provos@citi.umich.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: Jonathan Lemon <jlemon@flugsvamp.com>, gjohnson@srrc.ars.usda.gov, net@freebsd.org Subject: Re: TCP ISN algorithm breaks TIME_WAIT (Re: select fails to return incoming connect on FreeBSD-4.3) Message-ID: <20010716185135.B314F207C1@citi.umich.edu> In-Reply-To: Kris Kennaway, Sun, 15 Jul 2001 13:11:48 PDT
next in thread | raw e-mail | index | archive | help
In message <20010715131148.A10745@xor.obsecurity.org>, Kris Kennaway writes: >Sorry I've been ignoring this; I'm still getting caught up from my >vacation. Niels, how has OpenBSD handled this? Not. We have the same problem. I argue that the test is bogus. First of all, if we are getting a SYN for this 4-tuple, it is very likely that all segments from the old connection have left the network. The current code does not deal with wrap around either. On the other hand, there are already a number of operating systems that use randomized ISNs. Linux has been doing this for quite some time. As a result, we can not rely on monotonely increasing ISNs anyway. Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010716185135.B314F207C1>