Date: Tue, 25 Nov 1997 22:52:50 -0500
From: Feiyi Wang <fwang2@eos.ncsu.edu>
To: freebsd-questions@freebsd.org
Subject: land attack - a clarification
Message-ID: <347B9D12.6BBC@eos.ncsu.edu>
Hi,

I saw a lot of postings on "land" attacks. One thing is that you can't always expect it will "crash" a machine. Actually, what the land attack did is a "self-connection", which could cause TCP to enter an infinite loop and therefore degrade the system performance. Some OSes (for example, win95) will crash. I never tested that, but the author claimed so.

The fix is simple - discard the self-connection packet in tcp_input.c. A patch for FreeBSD was posted in a newsgroup by Joerg a few days ago, attached as follows -

/Feiyi

In the CVS tree. Index: /sys/netinet/tcp_input.c =================================================================== RCS file: /home/cvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.65 retrieving revision 1.66 diff -u -u -r1.65 -r1.66 --- tcp_input.c 1997/11/07 08:53:21 1.65 +++ tcp_input.c 1997/11/20 20:04:49 1.66 @@ -315,6 +315,19 @@ goto drop; } #endif /* TUBA_INCLUDE */ + + /* + * Reject attempted self-connects. XXX This actually masks + * a bug elsewhere, since self-connect should work. + * However, a urrently-active DoS attack in the Internet + * sends a phony self-connect request which causes an infinite + * loop. + */ + if (ti->ti_src.s_addr == ti->ti_dst.s_addr + && ti->ti_sport == ti->ti_dport) { + tcpstat.tcps_badsyn++; + goto drop; + } /* * Check that TCP offset makes sense,
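
Review bot: the added if in the @@ -315,6 +315,19 @@ hunk tests only addresses and ports, so it drops every TCP segment whose source and destination address and port match, whatever its flags, while counting each one in tcpstat.tcps_badsyn. Consider also testing for the SYN flag (for example TH_SYN in ti->ti_flags) so the counter name stays accurate and non-SYN segments are not affected. The comment itself says self-connect should work and that this masks a bug elsewhere, so the XXX note should name that underlying bug so the workaround can be removed once it is fixed. The comment also has a typo: "urrently-active" should be "currently-active".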
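
The self-connection condition described in the message, written as a user-space check over raw packet bytes such as a capture-processing tool might apply. This is an added example, not part of the original message or of FreeBSD; the function name classify_land, the verdict names and the two sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum land_verdict { LAND_OK, LAND_SELF_CONNECT, LAND_NOT_TCP, LAND_MALFORMED };

/* Constructed sample packets (IPv4 + TCP SYN, checksums left at zero). */
static const uint8_t SAMPLE_LAND[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,10,   /* src == dst */
    0,80,0,80, 0,0,0,0, 0,0,0,0, 0x50,0x02,2,0, 0,0,0,0 };    /* sport == dport */
static const uint8_t SAMPLE_NORMAL[40] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,20, 192,0,2,10,
    0xc0,1,0,80, 0,0,0,0, 0,0,0,0, 0x50,0x02,2,0, 0,0,0,0 };

/*
 * Classify a raw IPv4 packet that starts at the IP header.
 * LAND_SELF_CONNECT mirrors the patch's test: source address equals
 * destination address and source port equals destination port.
 */
enum land_verdict classify_land(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return LAND_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* IP header length, bytes */
    if (ihl < 20 || len < ihl)
        return LAND_MALFORMED;
    if (pkt[9] != 6)                               /* protocol 6 = TCP */
        return LAND_NOT_TCP;
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0)      /* later fragment: no TCP header */
        return LAND_NOT_TCP;
    if (len < ihl + 20)                            /* truncated TCP header */
        return LAND_MALFORMED;
    const uint8_t *tcp = pkt + ihl;
    int same_addr = memcmp(pkt + 12, pkt + 16, 4) == 0;
    int same_port = memcmp(tcp, tcp + 2, 2) == 0;
    return (same_addr && same_port) ? LAND_SELF_CONNECT : LAND_OK;
}

int main(void)
{
    printf("land sample:   %d\n", classify_land(SAMPLE_LAND, sizeof SAMPLE_LAND));
    printf("normal sample: %d\n", classify_land(SAMPLE_NORMAL, sizeof SAMPLE_NORMAL));
    return 0;
}
```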