| To: | Pekka Savola <pekkas@xxxxxxxxxx> |
|---|---|
| Subject: | Re: Ambiguities in TCP/IP - firewall bypassing (fwd) |
| From: | Andi Kleen <ak@xxxxxxx> |
| Date: | Sun, 20 Oct 2002 06:35:35 +0200 |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.44.0210191437230.12141-100000@netcore.fi> |
| References: | <Pine.LNX.4.44.0210191437230.12141-100000@netcore.fi> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.3.22.1i |
On Sat, Oct 19, 2002 at 02:38:56PM +0300, Pekka Savola wrote:
> See the thread on bugtraq.
>
> Linux 2.4.19 initiates TCP handshake with SYN and RST bits set. SYN with
> _RST_ seems like a total nonsense (SYN with FIN might even be useful for
> stuff like T/TCP) but I guess the spec didn't take any stance on that..
Here is a patch to fix it for 2.4.19.
--- linux/net/ipv4/tcp_input.c-o 2002-10-15 17:24:53.000000000 +0200
+++ linux/net/ipv4/tcp_input.c 2002-10-20 06:34:05.000000000 +0200
@@ -3664,6 +3664,9 @@
goto discard;
case TCP_LISTEN:
+ if(th->rst)
+ goto discard;
+
if(th->ack)
return 1;
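Review bot: the new `if(th->rst)` test at the top of `case TCP_LISTEN:` has no comment, so nothing in the code records that it exists to drop a segment carrying both SYN and RST, or that it has to stay ahead of the `if(th->ack)` test that returns 1. A one-line comment above it, for example `/* RST in LISTEN is ignored, this also covers SYN+RST */`, would keep a later reorder from quietly undoing the fix. The ordering itself matches the LISTEN processing in RFC 793, which checks RST first, then ACK, then SYN. As a style point, kernel coding style puts a space after `if`, although the adjacent `if(th->ack)` uses the same spacing, so matching the surrounding code is defensible here.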
-Andi