Date: Fri, 21 Jan 2000 23:33:27 -0700 From: Brett Glass <brett@lariat.org> To: Alfred Perlstein <bright@wintelcom.net> Cc: security@freebsd.org Subject: Re: stream.c worst-case kernel paths Message-ID: <4.2.2.20000121233233.01977610@localhost> In-Reply-To: <20000121224924.B3730@fw.wintelcom.net> References: <4.2.2.20000121205951.01a58bb0@localhost> <200001212353.PAA64927@apollo.backplane.com> <7263.948497709@critter.freebsd.dk> <200001212353.PAA64927@apollo.backplane.com> <20000121194609.A19536@fw.wintelcom.net> <4.2.2.20000121205951.01a58bb0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:49 PM 1/21/2000 , Alfred Perlstein wrote: >You're wrong, many combinations of tcp header flags are invalid >depending on the tcp connection's state, as well as other factors >i'm sure exist, but have yet to examine. If we are under attack >and not sending ICMP or RST back then why checksum instead of >just dropping it? Either way it's an invalid packet. Maybe. But the logic for this would be hairy, and you'd need to mop up carefully. I'd like to see how this looked and if it really saved CPU. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000121233233.01977610>