>
> 2) A socket in LISTEN state is not initiating a connection attempt, so
> if it receives a SYN-only packet from itself, it *must* be a
> forgery. A self-connect would cause the socket to no longer be in
> LISTEN state before the SYN-only packet arrives. There's no point
> in sending a RST in this case, since we'd just be sending it to
> ourselves.
>
> (Actually, this change isn't really complete; in theory, if the
> LISTEN socket was bound to INADDR_ANY, then we should check whether
> the source address of the SYN was any of our local addresses, not
> just that it matches the destination. However, a failure to detect
> the attack at this point will merely generate an extra SYN+ACK that
> will be dropped by the first change.)

BTW, on a related note...
The FreeBSD hack to `fix' (or not allow) self-connects DOES NOT WORK
FOR MULTIHOMED HOSTS. It's still possible to crash a multihomed
FreeBSD system by locally running a program that connects a TCP socket
to itself.
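The LISTEN-state check described in the quoted text, including the multihomed caveat (compare the SYN's source against every local address, not just the destination), as an added example that is not code from the thread or from FreeBSD. Header layouts, port numbers and addresses below are constructed sample input; no checksums are computed since only header fields are inspected.

```python
import struct
from ipaddress import IPv4Address

SYN, RST, ACK, FIN = 0x02, 0x04, 0x10, 0x01

def build_ipv4_tcp(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample input: minimal 20-byte IPv4 header followed by a
    20-byte TCP header. Checksums are left zero; we only parse fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags,
                      65535, 0, 0)
    return ip + tcp

def parse_ipv4_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, tcp_flags) from raw header bytes."""
    ihl = (frame[0] & 0x0F) * 4                 # IPv4 header length in bytes
    src_ip = str(IPv4Address(frame[12:16]))
    dst_ip = str(IPv4Address(frame[16:20]))
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    flags = frame[ihl + 13]                     # TCP flags byte
    return src_ip, dst_ip, sport, dport, flags

def listen_action(frame, local_addrs, listen_port):
    """Decide what a LISTEN socket bound to INADDR_ANY:listen_port does with
    an incoming segment: 'process' it normally, or 'drop' a forged
    self-connect SYN silently (a RST would only be sent to ourselves)."""
    src_ip, dst_ip, sport, dport, flags = parse_ipv4_tcp(frame)
    if dport != listen_port:
        return "not-for-us"
    syn_only = (flags & (SYN | ACK | RST | FIN)) == SYN
    # A listener never initiates a connection, so a SYN-only segment that
    # claims to come from this very socket cannot be genuine. On a
    # multihomed host "this socket" means any of our local addresses,
    # not only the address the segment happened to be delivered to.
    if syn_only and sport == listen_port and src_ip in local_addrs:
        return "drop"
    return "process"

if __name__ == "__main__":
    local = {"10.0.0.1", "192.168.1.1"}         # constructed multihomed host
    forged = build_ipv4_tcp("192.168.1.1", "10.0.0.1", 80, 80, SYN)
    legit = build_ipv4_tcp("203.0.113.5", "10.0.0.1", 40000, 80, SYN)
    print(listen_action(forged, local, 80), listen_action(legit, local, 80))
```

A destination-only comparison would let the first packet through (source 192.168.1.1 differs from destination 10.0.0.1), which is exactly the multihomed gap the thread points out.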