Date:      Sun, 17 Dec 2000 10:03:28 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Jesper Skriver <jesper@skriver.dk>
Cc:        "Louis A. Mamakos" <louie@TransSys.COM>, Kris Kennaway <kris@FreeBSD.org>, Poul-Henning Kamp <phk@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h
Message-ID:  <20001217100327.K19572@fw.wintelcom.net>
In-Reply-To: <20001217183016.C34282@skriver.dk>; from jesper@skriver.dk on Sun, Dec 17, 2000 at 06:30:16PM +0100
References:  <200012161942.eBGJg7j93654@freefall.freebsd.org> <20001217012007.A18038@citusc.usc.edu> <200012171529.eBHFT4512582@whizzo.transsys.com> <20001217182056.B34282@skriver.dk> <20001217183016.C34282@skriver.dk>

* Jesper Skriver <jesper@skriver.dk> [001217 09:30] wrote:
> 
> A sniffer trace gives me the IP header + 8 bytes. The first 8 bytes of
> the TCP header is source and destination ports + sequence number.
> 
> Now, I need to find a way to decode these 8 bytes, and find the matching
> sessions, and only zap those.
> 
> I'll look more at this, but I probably won't have anything working until
> later this week, as I have a few things I need to get done first.
> 
> As the code is disabled by default, I don't think this is a major
> problem ?

I'm annoyed that I was side-stepped to get this code in.  My
objection was because of the problems with spoofing this type of
ICMP.

Had you done the research and explained to me that:

> > > The Destination Unreachable ICMP message should include a copy of the
> > > IP header plus 20 bytes of payload (TCP segment header) which you
> > > could use to validate it.  I only glanced briefly at the patch, and don't
> > > know if that was being done or not.

it would have been fine as long as you implemented the check.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
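
The decode-and-match step discussed in this message, as an added example that is not code from the thread or from the FreeBSD tree: it parses the quoted IP header plus the first 8 bytes of TCP header and accepts the ICMP only for a session whose 4-tuple matches. The `struct conn` table, the function name, the sample bytes, and the use of the sequence number as a send-window test are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical connection record for this example (not FreeBSD's tcpcb). */
struct conn {
    uint32_t laddr, faddr;     /* local / foreign IPv4 address, host order */
    uint16_t lport, fport;     /* local / foreign TCP port, host order */
    uint32_t snd_una, snd_max; /* oldest unacked seq / next seq to be sent */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* q/len: bytes quoted in the ICMP unreachable (IP header of the packet we sent,
 * then at least 8 bytes of its TCP header). Returns the index of the matching
 * connection, or -1 if the quote cannot be tied to live in-flight data. */
int icmp_quote_match(const uint8_t *q, size_t len, const struct conn *tab, size_t n)
{
    if (len < 20 || (q[0] >> 4) != 4)
        return -1;                              /* not an IPv4 header */
    size_t ihl = (size_t)(q[0] & 0x0f) * 4;     /* header length incl. options */
    if (ihl < 20 || len < ihl + 8)
        return -1;                              /* quote too short to decode */
    if (q[9] != 6 || (rd16(q + 6) & 0x1fff) != 0)
        return -1;                              /* not TCP, or not first fragment */
    uint32_t src = rd32(q + 12), dst = rd32(q + 16);
    uint16_t sport = rd16(q + ihl), dport = rd16(q + ihl + 2);
    uint32_t seq = rd32(q + ihl + 4);
    for (size_t i = 0; i < n; i++) {
        const struct conn *c = &tab[i];
        if (c->laddr != src || c->faddr != dst || c->lport != sport || c->fport != dport)
            continue;
        /* Quoted seq must be data in flight: snd_una <= seq < snd_max (mod 2^32). */
        return (seq - c->snd_una < c->snd_max - c->snd_una) ? (int)i : -1;
    }
    return -1;
}

/* Constructed sample data: one session and two 28-byte quotes (IP header + 8). */
static const struct conn conns[] = {{0xC000020A, 0xC6336407, 49152, 80, 0x0F00, 0x2000}};
static const uint8_t genuine_quote[28] = {
    0x45,0,0,0x28, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,10, 198,51,100,7,
    0xC0,0x00, 0x00,0x50, 0x00,0x00,0x10,0x00 };  /* seq inside the window */
static const uint8_t spoofed_quote[28] = {
    0x45,0,0,0x28, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,10, 198,51,100,7,
    0xC0,0x00, 0x00,0x50, 0x90,0x00,0x00,0x00 };  /* right 4-tuple, guessed seq */

int main(void) { return !(icmp_quote_match(genuine_quote, 28, conns, 1) == 0 &&
                          icmp_quote_match(spoofed_quote, 28, conns, 1) == -1); }
```

Only the connection returned by the match would be dropped; a quote that is truncated, is not a first fragment, or names a sequence number outside the unacknowledged range is ignored.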

