Re: "LAND" Attack Update

Matthew Dillon (dillon@BACKPLANE.COM)
Sun, 23 Nov 1997 01:46:35 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles M. Hannum: "Re: "LAND" Attack Update"
Previous message: John Robert LoVerso: "Re: "LAND" Attack Update"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Charles M. Hannum: "Re: "LAND" Attack Update"

:mycroft@mit.edu (Charles M. Hannum) writes:
:
:>
:> 2) A socket in LISTEN state is not initiating a connection attempt, so
:> if it receives a SYN-only packet from itself, it *must* be a
:...
:> will be dropped by the first change.)
:
:BTW, on a related note...
:
:The FreeBSD hack to `fix' (or not allow) self-connects DOES NOT WORK
:FOR MULTIHOMED HOSTS. It's still possible to crash a multihomed
:FreeBSD system by locally running a program that connects a TCP socket
:to itself.

Did you actually test this? My understanding is that the freeze-up
is due to the TCP stack looping within the same PCB. In a multi-homed
system you wind up with two different PCB's for each 'side' of the
connection if you use two different IP addresses on the same host. I
would expect this to result in an RST so it should be sufficient to
simply test for the (srcaddr,srcport) == (dstaddr,dstport).

I haven't tested this either way but I specifically didn't do anything
more complex in my quick freebsd hack because I assumed the other cases
would be covered by an RST.

-Matt

Matthew Dillon Engineering, BEST Internet Communications, Inc.
<dillon@apollo.backplane.com>
[always include a portion of the original email in any response!]

Next message: Charles M. Hannum: "Re: "LAND" Attack Update"
Previous message: John Robert LoVerso: "Re: "LAND" Attack Update"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Charles M. Hannum: "Re: "LAND" Attack Update"