[PATCH] SYN issue

Rui Paulo rpaulo at freebsd.org
Fri May 22 00:08:05 UTC 2009


On 21 May 2009, at 18:37, David DeSimone wrote:

> Zachary Loafman <zachary.loafman at isilon.com> wrote:
>>
>> After correcting the above, any SYN that doesn't exactly match
>> the initial sequence number results in a RST|ACK response and the
>> ESTABLISHED connection being dropped.
>
> Maybe I am jumping to conclusions here, but does this mean that someone
> can spoof a SYN from your IP and source port and force your connection
> to be torn down?


I don't think so. First of all, the seq must be on the left of the recv
window, and second, we already do this for the right of the recv window.
I believe this is how the standard defined it to be.

--
Rui Paulo


More information about the freebsd-net mailing list