Date: Fri, 21 Jan 2000 07:31:48 -0800
From: gdonl@tsc.tdk.com (Don Lewis)
To: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths
Message-ID: <200001211531.HAA13140@salsa.gv.tsc.tdk.com>
In-Reply-To: Brett Glass <brett@lariat.org> "stream.c worst-case kernel paths" (Jan 20, 8:17pm)

On Jan 20, 8:17pm, Brett Glass wrote:
} Subject: stream.c worst-case kernel paths

} This suggests that restricting RSTs will help with the DoS.  (Does anyone know if
} not sending an RST violates any RFCs if there was never a connection?)

Yes, it's a violation.  If there is a TCP connection to a host that
crashes and reboots and that host doesn't send RST packets in response
to packets belonging to the old connection, its peer won't be notified
that the connection is no longer valid.

Doing this also means that the host will not make any attempt to tear
down a spoofed TCP connection using its IP address.
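
Added example, not part of the original message or of FreeBSD's code: a sketch of the RFC 793 "Reset Generation" rule for a segment that matches no connection, plus the in-window check the surviving peer applies before it drops the stale connection. The struct, the function names and the sample sequence numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical minimal view of a TCP segment (not a kernel structure). */
struct seg { uint32_t seq, ack, len; uint8_t flags; };

/* Reply to a segment that matches no connection (RFC 793, CLOSED state).
 * Returns false when nothing may be sent: a RST is never answered. */
bool closed_state_reply(const struct seg *in, struct seg *out)
{
    if (in->flags & TH_RST)
        return false;
    out->len = 0;
    if (in->flags & TH_ACK) {            /* <SEQ=SEG.ACK><CTL=RST> */
        out->seq = in->ack;
        out->ack = 0;
        out->flags = TH_RST;
    } else {                             /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> */
        uint32_t seglen = in->len + ((in->flags & TH_SYN) ? 1 : 0)
                                  + ((in->flags & TH_FIN) ? 1 : 0);
        out->seq = 0;
        out->ack = in->seq + seglen;
        out->flags = TH_RST | TH_ACK;
    }
    return true;
}

/* Peer side, synchronized state: a RST is honoured only if its sequence
 * number lies in the receive window (unsigned math handles wraparound). */
bool rst_in_window(uint32_t rcv_nxt, uint32_t rcv_wnd, const struct seg *rst)
{
    return (rst->flags & TH_RST) && (uint32_t)(rst->seq - rcv_nxt) < rcv_wnd;
}

int main(void)
{
    /* Constructed sample: the peer still holds the pre-reboot connection
     * and sends 100 bytes; its ACK field equals its own RCV.NXT (9000). */
    struct seg stale = { .seq = 5000, .ack = 9000, .len = 100, .flags = TH_ACK };
    struct seg rst;
    if (closed_state_reply(&stale, &rst))
        printf("RST seq=%u, peer tears down: %s\n", (unsigned)rst.seq,
               rst_in_window(9000, 65535, &rst) ? "yes" : "no");
    return 0;
}
```

Because the RST takes its sequence number from the peer's own ACK field, it lands exactly at the peer's RCV.NXT; a host that suppresses these replies leaves the peer holding the half-open connection until its own timers expire.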