Date: Wed, 14 Jan 1998 14:54:37 -0500 (EST)
From: spork <spork@super-g.com>
To: "David M. Holloway" <daveh@CSUA.Berkeley.EDU>
Cc: freebsd-current@freebsd.org
Subject: Re: LAND attack
Message-ID: <Pine.BSF.3.96.980114145312.7194B-100000@super-g.inch.com>
In-Reply-To: <199801090138.RAA29799@soda.CSUA.Berkeley.EDU>

Hi,

This is interesting. We have a machine that is "patched", but seems to still be getting hit by land. It has lots of virtual interfaces.

Have you received any feedback on this question?

Thanks,

Charles Sprickman
spork@super-g.com
----
"I'm not a prophet or a stone-age man
Just a mortal with potential of a superman
I'm living on" -DB

On Thu, 8 Jan 1998, David M. Holloway wrote:

> Regarding this little addition in tcp_input.c
> This doesn't appear to guard against attacks
> where the sender and receiver are different
> ip address but happen to be the same machine(multi-homed)
>
> Any comments?
>
>     /*
>      * Reject attempted self-connects. XXX This actually masks
>      * a bug elsewhere, since self-connect should work.
>      * However, a currently-active DoS attack in the Internet
>      * sends a phony self-connect request which causes an infinite
>      * loop.
>      */
>     if (ti->ti_src.s_addr == ti->ti_dst.s_addr
>         && ti->ti_sport == ti->ti_dport) {
>         tcpstat.tcps_badsyn++;
>         goto drop;
>     }
>
>     /*
>
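
The gap raised in the quoted message, as an added user-space example that is not part of the original thread and is not FreeBSD kernel code: it runs the quoted equality test and a broader "both addresses belong to this host" test over constructed packets. The `syn_hdr` struct, the `local_addrs` table and the function names are hypothetical, and the addresses are constructed documentation-range values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: addresses configured on one multi-homed host. */
static const uint32_t local_addrs[] = {
    0xC0000201u, /* 192.0.2.1    */
    0xC6336401u, /* 198.51.100.1 */
    0xCB007101u, /* 203.0.113.1  */
};

/* Hypothetical minimal view of the fields the quoted check reads. */
struct syn_hdr { uint32_t src, dst; uint16_t sport, dport; };

static bool is_local(uint32_t addr)
{
    for (size_t i = 0; i < sizeof(local_addrs) / sizeof(local_addrs[0]); i++)
        if (local_addrs[i] == addr)
            return true;
    return false;
}

/* The quoted test: rejects only exact address and port equality. */
bool quoted_check_drops(const struct syn_hdr *h)
{
    return h->src == h->dst && h->sport == h->dport;
}

/* Broader test (assumption, not the project's fix): source and destination
 * are both addresses of this host, not necessarily the same one. */
bool multihomed_check_drops(const struct syn_hdr *h)
{
    return is_local(h->src) && is_local(h->dst) && h->sport == h->dport;
}

int main(void)
{
    const struct syn_hdr pkts[] = {          /* constructed packets */
        { 0xC0000201u, 0xC0000201u, 80, 80 },   /* same address */
        { 0xC6336401u, 0xC0000201u, 80, 80 },   /* two addresses, one host */
        { 0x0A000001u, 0xC0000201u, 80, 80 },   /* remote source */
    };
    for (size_t i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++)
        printf("packet %zu: quoted=%d multihomed=%d\n", i,
               quoted_check_drops(&pkts[i]), multihomed_check_drops(&pkts[i]));
    return 0;
}
```

The broader test also rejects a genuine connection between two of the host's own addresses that happens to use equal source and destination ports, so it trades that case away in the same way the quoted comment says the original check does for self-connects.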