[5697] in bugtraq
Re: "LAND" Attack Update
daemon@ATHENA.MIT.EDU (Matthew Dillon)
Mon Nov 24 23:35:22 1997
Date: Sun, 23 Nov 1997 01:46:35 -0800
Reply-To: Matthew Dillon <dillon@BACKPLANE.COM>
From: Matthew Dillon <dillon@BACKPLANE.COM>
X-To: "Charles M. Hannum" <mycroft@MIT.EDU>
To: BUGTRAQ@NETSPACE.ORG
:mycroft@mit.edu (Charles M. Hannum) writes:
:
:>
:> 2) A socket in LISTEN state is not initiating a connection attempt, so
:> if it receives a SYN-only packet from itself, it *must* be a
:...
:> will be dropped by the first change.)
:
:BTW, on a related note...
:
:The FreeBSD hack to `fix' (or not allow) self-connects DOES NOT WORK
:FOR MULTIHOMED HOSTS. It's still possible to crash a multihomed
:FreeBSD system by locally running a program that connects a TCP socket
:to itself.

Did you actually test this? My understanding is that the freeze-up
is due to the TCP stack looping within the same PCB. In a multi-homed
system you wind up with two different PCB's for each 'side' of the
connection if you use two different IP addresses on the same host. I
would expect this to result in an RST so it should be sufficient to
simply test for the (srcaddr,srcport) == (dstaddr,dstport).

I haven't tested this either way but I specifically didn't do anything
more complex in my quick FreeBSD hack because I assumed the other cases
would be covered by an RST.

-Matt
Matthew Dillon Engineering, BEST Internet Communications, Inc.
<dillon@apollo.backplane.com>
[always include a portion of the original email in any response!]
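
The (srcaddr,srcport) == (dstaddr,dstport) test discussed in the message above, written as a stand-alone check over a raw IPv4/TCP packet such as a filter or IDS rule would apply. This is an added example, not FreeBSD's code or the patch referred to in the message; the function names `same_endpoint` and `classify` and the 192.0.2.x sample addresses are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 if buf holds an IPv4/TCP segment whose (srcaddr,srcport)
 * equals (dstaddr,dstport), 0 if it does not, and -1 if the packet is
 * malformed or too short to decide. */
int same_endpoint(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;                              /* not a full IPv4 header */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;   /* header length, options included */
    if (ihl < 20 || len < ihl)
        return -1;
    if (buf[9] != 6)
        return 0;                               /* protocol is not TCP */
    uint16_t frag = (uint16_t)((buf[6] << 8) | buf[7]);
    if (frag & 0x1fff)
        return 0;                               /* later fragment: no TCP header here */
    if (len < ihl + 4)
        return -1;                              /* ports are cut off */
    int same_addr = memcmp(buf + 12, buf + 16, 4) == 0;
    int same_port = memcmp(buf + ihl, buf + ihl + 2, 2) == 0;
    return same_addr && same_port;
}

/* Builds a constructed 40-byte SYN between two hosts in 192.0.2.0/24
 * (checksums left zero, not needed for the check) and classifies it. */
int classify(uint8_t src_host, uint16_t sport, uint8_t dst_host, uint16_t dport)
{
    uint8_t p[40] = {0};
    p[0] = 0x45; p[3] = 40; p[8] = 64; p[9] = 6;   /* IPv4, length 40, TTL, TCP */
    p[12] = 192; p[13] = 0; p[14] = 2; p[15] = src_host;
    p[16] = 192; p[17] = 0; p[18] = 2; p[19] = dst_host;
    p[20] = (uint8_t)(sport >> 8); p[21] = (uint8_t)sport;
    p[22] = (uint8_t)(dport >> 8); p[23] = (uint8_t)dport;
    p[32] = 0x50; p[33] = 0x02;                    /* data offset 5, SYN only */
    return same_endpoint(p, sizeof p);
}
```

A packet between two different addresses of one multihomed host is not matched by this check; the check only covers the identical-tuple case.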