Date: Mon, 08 Jan 2001 17:48:56 -0800 From: Umesh Krishnaswamy <umesh@juniper.net> To: freebsd-security@freebsd.org Subject: Spoofing multicast addresses Message-ID: <3A5A6E08.1BAF3C@juniper.net>
next in thread | raw e-mail | index | archive | help
Hi Folks, I was looking at the code for tcp_drop(). If there is a SYN flood attack, tcp_drop is called to drop the connection on a listen queue overflow. tcp_drop in turn sends an RST packet if it is in the SYN_RCVD state. If the attacker spoofs multicast IP addresses, then there will be a flood of RST packets being sent out by the machine. I am unclear on the RFCs, but shouldn't the tcp_drop code check if the src address is multicast, if so drop without RST. Or maybe, even before that, tcp_input should not accept SYN packets from multicast IP addresses. Thanks. Umesh. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A5A6E08.1BAF3C>