Date: Thu, 08 Jan 1998 17:38:51 -0800
From: "David M. Holloway" <daveh@CSUA.Berkeley.EDU>
To: freebsd-current@freebsd.org
Subject: LAND attack
Message-ID: <199801090138.RAA29799@soda.CSUA.Berkeley.EDU>

Regarding this little addition in tcp_input.c:
This doesn't appear to guard against attacks
where the sender and receiver are different
IP addresses but happen to be the same machine (multi-homed).
Any comments?

        /*
         * Reject attempted self-connects.  XXX This actually masks
         * a bug elsewhere, since self-connect should work.
         * However, a currently-active DoS attack in the Internet
         * sends a phony self-connect request which causes an infinite
         * loop.
         */
        if (ti->ti_src.s_addr == ti->ti_dst.s_addr
            && ti->ti_sport == ti->ti_dport) {
                tcpstat.tcps_badsyn++;
                goto drop;
        }
/*
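
The case the message asks about, as an added user-space example that is not part of the original post or of FreeBSD: it runs the quoted test and a hypothetical wider test over constructed segments. The struct, the address list, and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the fields the quoted check reads
 * (hypothetical; not the kernel's struct tcpiphdr). */
struct seg {
    uint32_t src, dst;        /* IPv4 addresses, host order for readability */
    uint16_t sport, dport;
};

/* Constructed sample: one multi-homed host with two interface addresses. */
static const uint32_t local_addrs[] = {
    0xC0000201u,              /* 192.0.2.1 */
    0xC6336401u,              /* 198.51.100.1 */
};

static int is_local(uint32_t a)
{
    for (size_t i = 0; i < sizeof local_addrs / sizeof local_addrs[0]; i++)
        if (local_addrs[i] == a)
            return 1;
    return 0;
}

/* The test as quoted: identical address and identical port. */
int quoted_check_drops(const struct seg *s)
{
    return s->src == s->dst && s->sport == s->dport;
}

/* Hypothetical wider test: both endpoints belong to this host, same port. */
int multihomed_check_drops(const struct seg *s)
{
    return is_local(s->src) && is_local(s->dst) && s->sport == s->dport;
}

/* Constructed segments: same address, two addresses of one host, remote peer. */
const struct seg same_addr   = { 0xC0000201u, 0xC0000201u, 139, 139 };
const struct seg cross_iface = { 0xC6336401u, 0xC0000201u, 139, 139 };
const struct seg remote_peer = { 0xCB007107u, 0xC0000201u, 139, 139 };

int main(void)
{
    const struct seg *t[] = { &same_addr, &cross_iface, &remote_peer };
    for (size_t i = 0; i < 3; i++)
        printf("segment %zu: quoted=%d wider=%d\n", i,
               quoted_check_drops(t[i]), multihomed_check_drops(t[i]));
    return 0;
}
```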
