[948] in SIPB_Linux_Development


Re: probs still with Linux/Kerberos

daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Wed Mar 1 05:08:04 1995

Date: Wed, 1 Mar 1995 05:07:32 -0500
From: "Charles M. Hannum" <mycroft@ai.mit.edu>
To: ghudson@MIT.EDU
Cc: tytso@MIT.EDU, linux-dev@MIT.EDU, netbsd-dev@MIT.EDU


   I also discovered that Linux does not have to time out when it
   tries the wrong port, because it passes the connection refused
   packet up to the kerberos library, which gets an ECONNREFUSED and
   tries port 750.

I'm not sure what you mean by `connection refused packet'.

If a TCP connection is rejected (by the remote host sending a RST
packet), then the NetBSD kernel will certainly report ECONNREFUSED.
You can see this in action by typing `telnet granola 1'.

If a UDP packet is rejected, there is no mechanism for detecting this,
except perhaps by listening to ICMP port unreachables.  This might
allow for denial of service attacks by forging unreachable messages.
In addition, ECONNREFUSED doesn't make sense for a connectionless
protocol.  Lastly, it would also have to be deferred and reported
later, since the only upper bound on when we would get the ICMP is
2*MSL, which is an unreasonably large time to execute the write()
call.

So, could you explain what you actually meant?  Perhaps the Linux
version is using TCP and the NetBSD version is using UDP, by default?
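
The deferred error reporting discussed in this message, as an added example that is not part of the original message: on a current Linux kernel, a connected UDP socket has a pending ICMP port unreachable reported as ECONNREFUSED on a later socket call, so a client can move on to a second port without waiting for a timeout. The loopback echo server, the ephemeral port numbers and all function names are constructed for illustration.

```python
import errno
import socket
import threading

def closed_udp_port():
    """Return a loopback UDP port with no listener (bind, read the number, close)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def start_echo_server():
    """Constructed stand-in for the real service: echoes one datagram, then exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        data, peer = srv.recvfrom(2048)
        srv.sendto(data, peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def query_with_fallback(host, ports, payload, timeout=5.0):
    """Try each port in order; return (port, reply, log) or (None, None, log)."""
    log = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))   # connect() on UDP only fixes the peer address
            s.send(payload)           # returns before any ICMP error can arrive
            reply = s.recv(2048)      # a pending ICMP error is reported here instead
            log.append((port, "reply"))
            return port, reply, log
        except ConnectionRefusedError:
            # Unauthenticated hint (ICMP can be forged): try the next port, do not abort.
            log.append((port, errno.errorcode[errno.ECONNREFUSED]))
        except socket.timeout:
            log.append((port, "timeout"))
        finally:
            s.close()
    return None, None, log

if __name__ == "__main__":
    live = start_echo_server()      # bound first so the closed port cannot collide with it
    dead = closed_udp_port()
    print(query_with_fallback("127.0.0.1", [dead, live], b"constructed request"))
```

An unconnected socket using sendto() has no single peer to attribute the ICMP error to, so the same client written that way would sit in recv() until the timeout.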

