[5693] in bugtraq


Re: "LAND" Attack Update

daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Mon Nov 24 23:35:15 1997

Date: 	Sat, 22 Nov 1997 21:35:55 -0500
Reply-To: "Charles M. Hannum" <mycroft@MIT.EDU>
From: "Charles M. Hannum" <mycroft@MIT.EDU>
X-To:         Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Casper Dik's message of Sun, 23 Nov 1997 00:12:24 +0100

Casper Dik <casper@HOLLAND.SUN.COM> writes:

>
> >2) A socket in LISTEN state is not initiating a connection attempt, so
> >   if it receives a SYN-only packet from itself, it *must* be a
> >   forgery.  A self-connect would cause the socket to no longer be in
> >   LISTEN state before the SYN-only packet arrives.  There's no point
> >   in sending a RST in this case, since we'd just be sending it to
> >   ourselves.
>
> I'm not sure that that is the case.  Multiple sockets may be bound to
> the same port number.  One of the others bound to the port may
> initiate a connection from the same port number.

If the source and destination addresses are the same, then it *can't*
be another socket on the same port connecting.  It's just not
possible.

> You need to reply with a SYN_ACK packet and then you'll RST in reply to
> that.

The second part is merely an optimization, but it is correct.
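
Added example, not part of the original message or taken from any TCP stack: a C classifier for the segment this thread discusses, a SYN-only TCP segment whose source address and port equal its destination address and port. The function names, `TH_*` macros and 192.0.2.x sample packets are constructed for illustration, and the check is assumed to be applied only to segments arriving for a socket in LISTEN state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* 1: SYN-only segment with src addr/port == dst addr/port (treat as forged);
 * 0: any other TCP segment; -1: truncated, not IPv4/TCP, or a non-first
 * fragment (no TCP header to inspect). pkt is a raw IPv4 datagram. */
int is_land_syn(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;          /* IP header length */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return -1;
    const uint8_t *tcp = pkt + ihl;
    if ((tcp[13] & (TH_SYN | TH_ACK | TH_RST | TH_FIN)) != TH_SYN) return 0;
    return memcmp(pkt + 12, pkt + 16, 4) == 0 && memcmp(tcp, tcp + 2, 2) == 0;
}

/* Constructed sample input: minimal 40-byte IPv4 + TCP headers, checksums
 * left zero because the classifier does not read them. */
size_t build_segment(uint8_t out[40], const uint8_t src[4], const uint8_t dst[4],
                     uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(out, 0, 40);
    out[0] = 0x45;                      /* version 4, IHL 5 words */
    out[3] = 40;                        /* total length */
    out[8] = 64;                        /* TTL */
    out[9] = 6;                         /* protocol: TCP */
    memcpy(out + 12, src, 4);
    memcpy(out + 16, dst, 4);
    out[20] = (uint8_t)(sport >> 8); out[21] = (uint8_t)(sport & 0xff);
    out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)(dport & 0xff);
    out[32] = 5 << 4;                   /* TCP data offset 5 words */
    out[33] = flags;
    return 40;
}

int main(void)
{
    uint8_t p[40];
    const uint8_t a[4] = {192, 0, 2, 1}, b[4] = {192, 0, 2, 2};
    printf("same addr/port SYN: %d\n", is_land_syn(p, build_segment(p, a, a, 139, 139, TH_SYN)));
    printf("remote host SYN:    %d\n", is_land_syn(p, build_segment(p, b, a, 139, 139, TH_SYN)));
    return 0;
}
```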
