Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

• Previous message: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• In reply to: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Next in thread: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Reply: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: silby@silby.com (Mike Silbersack)
Date: Thu, 22 Apr 2004 16:28:17 +1000 (Australia/ACT)

In some mail from Mike Silbersack, sie said:
> On Wed, 21 Apr 2004, Don Lewis wrote:
> > On 21 Apr, Mike Silbersack wrote:
> > > Do you have access to a system that exhibits the "RST at end of window"
> > > syndrome so that you could code up and test out this part of the patch?
> >
> > Nope. The only report of this that I saw was from jayanth. Judging by
> > the tcpdump timestamps, it looks like whatever this wierd piece of
> > hardware was, it was nearby.
>
> Something just occured to me... we can just lump the "RST at end of
> window" case into the whole "RST somewhere in the window case". In that
> way, we only need two cases:
>
> 1. RSTs exactly at last_ack_sent (always accepted)

To pursue this thought further, if a FIN has been sent or received
(connection has migrated from ESTABLISHED to CLOSE_WAIT or something
else) then receiving an RST at this point should be much less of a
problem, yes ?

The only drawback is I've seen sessions where there's a last ditch
attempt to get data through even though a FIN has been received.

Darren
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• In reply to: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Next in thread: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Reply: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SSL/TCP Connection termination results in RST ... What I saw was that the side sending the FIN ... The OS then cleans up the socket structures. ... When the OS gets a packet for that connection it no longer has any place to ... that it is done sending data and then loop receiving data until it gets an ... (comp.dcom.sys.cisco) Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) ... >> else) then receiving an RST at this point should be much less of a ... >> attempt to get data through even though a FIN has been received. ... you're more likely to get a RST after a FIN has been ... Do FIN packets also need to be challenge-responsed now? ... (FreeBSD-Security) Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) ... > (connection has migrated from ESTABLISHED to CLOSE_WAIT or something ... > else) then receiving an RST at this point should be much less of a ... > attempt to get data through even though a FIN has been received. ... Mike "Silby" Silbersack ... (FreeBSD-Security) Re: How can I detect a carriage return using java.net ... At the 'C' level a reador recvor recvmsgwill return 0 meaning EOF on receiving a FIN, and -1 with an errno of ECONNRESET on receiving an RST. ... (comp.lang.java.programmer) Re: MT already losing favor? ... the fact remains that most of the criticism MT is receiving has ... of judging Dylan's work based only against its most recent predecessor for ... (rec.music.dylan)