Re: "LAND" Attack Update

Casper Dik (casper@HOLLAND.SUN.COM)
Sun, 23 Nov 1997 00:12:24 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bill Fenner: "Re: "LAND" Attack Update"
Previous message: Charles M. Hannum: "Re: 44BSD port of land.c"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Bill Fenner: "Re: "LAND" Attack Update"

>2) A socket in LISTEN state is not initiating a connection attempt, so
> if it receives a SYN-only packet from itself, it *must* be a
> forgery. A self-connect would cause the socket to no longer be in
> LISTEN state before the SYN-only packet arrives. There's no point
> in sending a RST in this case, since we'd just be sending it to
> ourselves.

I'm not sure that that is the case. Multiple sockets may be bound to
the same port number. One of the others bound to the port may
initiate a connection from the same port number.

You need to reply with a SYN_ACK packet and then you'll RST in reply to
that.

Casper

Next message: Bill Fenner: "Re: "LAND" Attack Update"
Previous message: Charles M. Hannum: "Re: 44BSD port of land.c"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Bill Fenner: "Re: "LAND" Attack Update"