Don Lewis <Don.Lewis@tsc.tdk.com> writes:
>
> On Nov 22, 2:19pm, "Charles M. Hannum" wrote:
> }
> } The changes we've made in NetBSD to deal with the `land' attack are:
> }
> } 1) If a socket in LISTEN state receives a SYN+ACK packet, then send a
> } RST and drop the packet.

I suppose I was being imprecise here. If we created a TCP control
block when replying to a SYN-only packet, then it would be in
SYN-RECEIVED state. However, we don't. What we actually find when we
do the lookup is the LISTEN socket. If you have a TCP control block
for embryonic connections, then you should do the `drop with reset'
for either LISTEN or SYN-RECEIVED state.

> I've heard reports of rumors of problems caused by sending SYN+ACK
> packets to LISTENing sockets (and there is supposed to be a note about
> this in "TCP/IP Illustrated Volume 3", which I don't yet have), but in
> what way is the following code inadequate?
> [...]
>	case TCPS_LISTEN: {
> [...]
>		if (tiflags & TH_ACK)
>			goto dropwithreset;

The original 4.4BSD (and earlier) code finds a different socket at
this point, which is in SYN-RECEIVED state. The above code doesn't
handle that case.
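
Added illustration, not part of the original message and not NetBSD or 4.4BSD code: a reduced model of the point above, showing that a SYN+ACK test placed only in the LISTEN case is never reached when the lookup returns an embryonic control block in SYN-RECEIVED. The `lookup`, `check_listen_only` and `check_both_states` functions and the `ST_*` names are assumptions made for this sketch.

```c
#include <stdio.h>

/* TCP header flag bits as defined in <netinet/tcp.h>. */
#define TH_SYN 0x02
#define TH_ACK 0x10

/* Simplified stand-ins for the LISTEN and SYN-RECEIVED states (assumed names). */
enum state  { ST_LISTEN, ST_SYN_RECEIVED };
enum action { PROCESS, DROPWITHRESET };

/* Which control block the lookup returns for the SYN+ACK.
 * embryonic_pcb = 1: a control block was created when the SYN was answered,
 *                    so the lookup finds it in SYN-RECEIVED.
 * embryonic_pcb = 0: none was created, so the lookup finds the LISTEN socket. */
static enum state lookup(int embryonic_pcb)
{
    return embryonic_pcb ? ST_SYN_RECEIVED : ST_LISTEN;
}

/* The test confined to the LISTEN case, as in the quoted fragment. */
static enum action check_listen_only(enum state st, int tiflags)
{
    if (st == ST_LISTEN && (tiflags & TH_ACK))
        return DROPWITHRESET;
    return PROCESS;   /* continues into normal input processing */
}

/* The test applied in both states, as the reply recommends. */
static enum action check_both_states(enum state st, int tiflags)
{
    int synack = TH_SYN | TH_ACK;
    if (st == ST_LISTEN && (tiflags & TH_ACK))
        return DROPWITHRESET;
    if (st == ST_SYN_RECEIVED && (tiflags & synack) == synack)
        return DROPWITHRESET;
    return PROCESS;
}

int main(void)
{
    static const char *name[] = { "process", "drop with reset" };
    int synack = TH_SYN | TH_ACK;   /* constructed input segment */
    for (int pcb = 0; pcb <= 1; pcb++)
        printf("embryonic pcb=%d  listen-only: %-15s  both: %s\n", pcb,
               name[check_listen_only(lookup(pcb), synack)],
               name[check_both_states(lookup(pcb), synack)]);
    return 0;
}
```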