Hi!
Transactions-TCP (RFC-1644) in FreeBSD (and other systems) can cause
problems for security:
1. New variant of SYN-flood attack. Someone can send many T/TCP
packets with a fake originating address (any unreachable address) and
overload (possibly causing Denial-Of-Service) the victim's server (for example,
many T/TCP requests to telnet/ftp/http/etc daemons).
2. Attack on r*-services (rshd/rlogind without Kerberos authentication).
A hacker can send T/TCP requests with an originating address from /etc/hosts.equiv or
.rhosts files. In some cases (the computer with the address from the hacker's request
can't send a TCP-RST packet in time) it is possible to run commands on the attacked
target. My experiments show that the attacker just needs a 10-50 ms delay between
the victim sending the SYN-ACK packet and receiving the RST packet from the trusted computer
(it depends on the rshd/rlogind algorithm, the placement of the DNS server with the reverse zone,
etc). This attack can be used on other TCP services with authentication
based on IP address.
RFC-1644 must die :( . My English too (*sigh*). Just do
'sysctl -w net.inet.tcp.rfc1644=0' and forget about it :) .
Vasim V. (2:5011/27 http://members.tripod.com/~Vasim VV86-RIPE)
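Added example (not part of the original post, and not Vasim's code): a small TCP segment parser that flags the kind of request the post describes, a bare SYN that carries RFC 1644 CC / CC.NEW options together with payload data, which is what makes a T/TCP request "complete" before the three-way handshake finishes and so before a spoofed source has any chance to send its RST. Option kinds 11 (CC), 12 (CC.NEW) and 13 (CC.ECHO) are the IANA-assigned T/TCP option kinds; the port set 512-514 (exec/login/shell) is used to highlight the hosts.equiv/.rhosts-authenticated services from point 2. The segment bytes, sequence numbers and payload are constructed inline for the example; `build_segment`, `parse_tcp_segment` and `classify_ttcp` are names chosen here, not an existing library API.

```python
import struct

# TCP option kinds: 0/1 are standard, 11-13 are the T/TCP (RFC 1644) kinds.
TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_CC = 11
TCPOPT_CCNEW = 12
TCPOPT_CCECHO = 13
TTCP_OPTIONS = {TCPOPT_CC: "CC", TCPOPT_CCNEW: "CC.NEW", TCPOPT_CCECHO: "CC.ECHO"}

TH_SYN = 0x02
TH_ACK = 0x10

# Services that (without Kerberos) trust the client IP via hosts.equiv/.rhosts.
TRUSTED_HOST_PORTS = {512: "exec", 513: "login", 514: "shell"}


def parse_tcp_options(opts: bytes) -> list:
    """Walk the TCP option area and return (kind, value_bytes) pairs."""
    result = []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:          # end of option list, rest is padding
            break
        if kind == TCPOPT_NOP:          # single-byte no-op
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated TCP option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad TCP option length")
        result.append((kind, opts[i + 2:i + length]))
        i += length
    return result


def parse_tcp_segment(segment: bytes) -> dict:
    """Parse the fixed 20-byte TCP header, its options and the payload."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    sport, dport, seq, ack, off_flags, win, csum, urp = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4     # header length in bytes
    flags = off_flags & 0x1FF
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "sport": sport,
        "dport": dport,
        "flags": flags,
        "options": parse_tcp_options(segment[20:data_offset]),
        "payload": segment[data_offset:],
    }


def classify_ttcp(segment: bytes) -> dict:
    """Flag a T/TCP request: SYN without ACK, carrying CC/CC.NEW and data."""
    seg = parse_tcp_segment(segment)
    ttcp_opts = [TTCP_OPTIONS[k] for k, _ in seg["options"] if k in TTCP_OPTIONS]
    syn_only = bool(seg["flags"] & TH_SYN) and not (seg["flags"] & TH_ACK)
    opens_with_cc = any(o in ("CC", "CC.NEW") for o in ttcp_opts)
    return {
        "dport": seg["dport"],
        "ttcp_options": ttcp_opts,
        # Data delivered on the SYN itself is what lets the service act
        # before the handshake (and any RST from the real host) completes.
        "ttcp_request": syn_only and opens_with_cc and len(seg["payload"]) > 0,
        "trusted_host_service": seg["dport"] in TRUSTED_HOST_PORTS,
    }


def build_segment(sport: int, dport: int, flags: int, options: list, payload: bytes) -> bytes:
    """Construct a TCP segment (checksum left zero) for the sample inputs below."""
    opt_bytes = b"".join(bytes([k, 2 + len(v)]) + v for k, v in options)
    opt_bytes += b"\x00" * ((-len(opt_bytes)) % 4)      # EOL padding to 32-bit boundary
    data_offset = (20 + len(opt_bytes)) // 4
    header = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                         (data_offset << 12) | flags, 4096, 0, 0)
    return header + opt_bytes + payload


# Constructed samples: a T/TCP request to rsh (port 514), a plain SYN to
# port 80, and a SYN-ACK echoing a CC value (never a request by itself).
CC_VALUE = struct.pack("!I", 12345)
SAMPLE_TTCP_RSH = build_segment(1023, 514, TH_SYN, [(TCPOPT_CCNEW, CC_VALUE)], b"request-bytes")
SAMPLE_PLAIN_SYN = build_segment(40000, 80, TH_SYN, [], b"")
SAMPLE_SYNACK = build_segment(514, 1023, TH_SYN | TH_ACK, [(TCPOPT_CCECHO, CC_VALUE)], b"")

if __name__ == "__main__":
    for name, seg in (("ttcp-rsh", SAMPLE_TTCP_RSH), ("plain-syn", SAMPLE_PLAIN_SYN), ("syn-ack", SAMPLE_SYNACK)):
        print(name, classify_ttcp(seg))
```

Feeding the same classifier with segments pulled from a capture (via any pcap reader) gives a quick count of how many T/TCP requests a host is actually seeing, and whether any target the trusted-host services; the author's mitigation, `sysctl -w net.inet.tcp.rfc1644=0`, makes the host stop honouring these options, after which only the plain SYN path remains and the RST race in point 2 no longer exists.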