[5684] in bugtraq
Re: "LAND" Attack Update
daemon@ATHENA.MIT.EDU (Casper Dik)
Sat Nov 22 21:08:03 1997
Date: Sun, 23 Nov 1997 00:12:24 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sat, 22 Nov 1997 14:19:11 EST."
<el24t54n3dc.fsf@bikini.ai.mit.edu>
>2) A socket in LISTEN state is not initiating a connection attempt, so
> if it receives a SYN-only packet from itself, it *must* be a
> forgery. A self-connect would cause the socket to no longer be in
> LISTEN state before the SYN-only packet arrives. There's no point
> in sending a RST in this case, since we'd just be sending it to
> ourselves.
I'm not sure that that is the case. Multiple sockets may be bound to
the same port number. One of the others bound to the port may
initiate a connection from the same port number.
You need to reply with a SYN_ACK packet and then you'll RST in reply to
that.
Casper
