Date: Thu, 22 Apr 2004 01:28:20 -0500 (CDT)
From: Mike Silbersack
To: Don Lewis
cc: freebsd-security@FreeBSD.org
cc: avalon@caligula.anu.edu.au
cc: jayanth@yahoo-inc.com
Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Message-ID: <20040422012305.Y19921@odysseus.silby.com>
In-Reply-To: <200404212331.i3LNVE7E047907@gw.catspoiler.org>
References: <200404212331.i3LNVE7E047907@gw.catspoiler.org>

On Wed, 21 Apr 2004, Don Lewis wrote:

> On 21 Apr, Mike Silbersack wrote:
> > Do you have access to a system that exhibits the "RST at end of window"
> > syndrome so that you could code up and test out this part of the patch?
>
> Nope. The only report of this that I saw was from jayanth. Judging by
> the tcpdump timestamps, it looks like whatever this weird piece of
> hardware was, it was nearby.

Something just occurred to me... we can just lump the "RST at end of
window" case into the whole "RST somewhere in the window" case.

In that way, we only need two cases:

1. RSTs exactly at last_ack_sent (always accepted)
2. Everything else in the window (only accepted if "not under attack".)

I could code up and test this over the weekend, if it sounds like a
solution we're willing to go with.

Mike "Silby" Silbersack
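
The two-case rule proposed in the message above, written out as an added example (not code from the message, from the patch under discussion, or from FreeBSD). The struct, the function name, the under_attack flag as a plain boolean input, and the half-open window bounds are assumptions of this sketch; the message does not define how "under attack" is decided.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe comparisons, same idea as the BSD SEQ_* macros. */
#define SEQ_LT(a, b)  ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)
#define SEQ_GEQ(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) >= 0)

enum rst_verdict { RST_DROP = 0, RST_ACCEPT = 1 };

/* Hypothetical per-connection state; names are assumptions for this sketch. */
struct conn {
    uint32_t last_ack_sent; /* left edge of the receive window */
    uint32_t rcv_wnd;       /* receive window size in bytes */
    bool     under_attack;  /* assumed input; the message does not define it */
};

enum rst_verdict
classify_rst(const struct conn *c, uint32_t seg_seq)
{
    uint32_t wnd_end = c->last_ack_sent + c->rcv_wnd; /* may wrap past 2^32 */

    /* Case 1: RST exactly at last_ack_sent is always accepted. */
    if (seg_seq == c->last_ack_sent)
        return RST_ACCEPT;

    /* Outside the window (assumed half-open [last_ack_sent, wnd_end)): drop. */
    if (SEQ_LT(seg_seq, c->last_ack_sent) || SEQ_GEQ(seg_seq, wnd_end))
        return RST_DROP;

    /* Case 2: anywhere else in the window, the "end of window" RST
     * included, is accepted only while not under attack. */
    return c->under_attack ? RST_DROP : RST_ACCEPT;
}

int
main(void)
{
    /* Constructed sample: window straddles the 32-bit sequence wrap. */
    struct conn c = { 0xFFFFFF00u, 0x200u, true };
    uint32_t seqs[] = { 0xFFFFFF00u, 0x000000FFu, 0x00000100u };

    for (size_t i = 0; i < sizeof(seqs) / sizeof(seqs[0]); i++)
        printf("seq=0x%08x -> %s\n", (unsigned)seqs[i],
            classify_rst(&c, seqs[i]) == RST_ACCEPT ? "accept" : "drop");
    return 0;
}
```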