Date: Sun, 25 Apr 2004 22:43:46 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: cvs-src@FreeBSD.org Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet tcp_input.c tcp_var.h Message-ID: <20040425224122.E13069@odysseus.silby.com> In-Reply-To: <200404260256.i3Q2uV18048208@repoman.freebsd.org> References: <200404260256.i3Q2uV18048208@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 25 Apr 2004, Mike Silbersack wrote: > silby 2004/04/25 19:56:31 PDT > > FreeBSD src repository > > Modified files: > sys/netinet tcp_input.c tcp_var.h > Log: > Tighten up reset handling in order to make reset attacks as difficult as > possible while maintaining compatibility with the widest range of TCP stacks. I'm going to let this settle in -current for a little while before MFCing it. Note that we're still vulnerable to reset attacks which use SYN packets, so there's little benefit to a quick MFC anyway. <g> Discussion on how to deal with the SYN reset attack is still ongoing. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040425224122.E13069>