From owner-FreeBSD-net-jp@jp.freebsd.org  Tue Feb 10 10:28:12 1998
To: FreeBSD-net-jp@jp.freebsd.org
In-Reply-To: Your message of "Tue, 10 Feb 1998 09:57:14 +0900"
	<19980210095714Q.simokawa@sat.t.u-tokyo.ac.jp>
References: <19980210095714Q.simokawa@sat.t.u-tokyo.ac.jp>
Message-Id: <19980210102952A.kana@saijo.mke.mei.co.jp>
Date: Tue, 10 Feb 1998 10:29:52 +0900
From: Masanori Kanaoka <kana@saijo.mke.mei.co.jp>
Reply-To: FreeBSD-net-jp@jp.freebsd.org
X-Sequence: FreeBSD-net-jp 436
Subject: [FreeBSD-net-jp 436] Re: Can't access /freebsd.org/pub/CERT

$B6b2,!w>>2<<w$G$9!#(B

$ CVS$B$N(Blog$B$r8+$?$H$3$m(B,
$ current$B$,(B1998/1/21, stable$B$,(B 1998/1/30 $B$K(Bfix$B$5$l$F$$$k$h$&(B
$ $B$h$&$G$9(B.

$BF|IU$1$H!"(Bland $B$H$$$&(B key word $B$GD4$Y$k$H!"0J2<$N#2$D$,8+$D$+$j$^$7$?!#(B
$B$h$/$o$+$C$F$$$J$$$N$G$9$,!"$3$l$N$3$H$G$7$g$&$+!)(B

----------------------< current >----------------------------------
fenner      1998/01/20 18:06:00 PST

  Modified files:
    sys/netinet          tcp_input.c 
  Log:
  A more complete fix for the "land" attack, removing the "quick fix" from
  rev 1.66.  This fix contains both belt and suspenders.
  
  Belt: ignore packets where src == dst and srcport == dstport in TCPS_LISTEN.
   These packets can only legitimately occur when connecting a socket to itself,
   which doesn't go through TCPS_LISTEN (it goes CLOSED->SYN_SENT->SYN_RCVD->
   ESTABLISHED).  This prevents the "standard" "land" attack, although doesn't
   prevent the multi-homed variation.
  
  Suspenders: send a RST in response to a SYN/ACK in SYN_RECEIVED state.
   The only packets we should get in SYN_RECEIVED are
   1. A retransmitted SYN, or
   2. An ack of our SYN/ACK.
   The "land" attack depends on us accepting our own SYN/ACK as an ACK;
   in SYN_RECEIVED state; this should prevent all "land" attacks.
  
  We also move up the sequence number check for the ACK in SYN_RECEIVED.
   This neither helps nor hurts with respect to the "land" attack, but
   puts more of the validation checking in one spot.
  
  PR:             kern/5103
  
  Revision  Changes    Path
  1.68      +25 -20    src/sys/netinet/tcp_input.c


----------------------< stable >------------------------------------- 
fenner      1998/01/30 11:13:56 PST

  Modified files:        (Branch: RELENG_2_2)
    sys/netinet          tcp_input.c 
  Log:
  Merge rev 1.68 from -current (more complete fix for "land" attack)
  
  PR:		kern/5103
  
  Revision  Changes    Path
  1.54.2.7  +25 -20    src/sys/netinet/tcp_input.c

------ $B>>2<<wEE;R9)6H3t<02q<R(B  $B1GA|3+H/%;%s%?!<!!1GA|5;=QIt(B ----
$B!!6b2,!!@57{!!!!!!(BTEL:0897-56-1111($BFb(B518)  FAX:0897-56-8142
---------------- Masanori Kanaoka <kana@saijo.mke.mei.co.jp>----
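
The two checks described in the rev 1.68 log above, as a simplified C model added here for illustration (it is not code from this message or from FreeBSD's tcp_input.c). The names model_input, run, struct seg and struct pcb, the verdict values, and all addresses, ports and sequence numbers are assumptions; the ACK validation is reduced to ack == iss + 1.

```c
/* Added example: simplified model; names are assumptions, not tcp_input.c. */
#include <stdint.h>
#include <stdio.h>

enum state   { LISTEN, SYN_RECEIVED };
enum verdict { DROP, SEND_SYNACK, RESEND_SYNACK, SEND_RST, ACCEPT };
#define F_SYN 0x02
#define F_ACK 0x10
struct seg { uint32_t src, dst; uint16_t sport, dport; uint8_t flags; uint32_t seq, ack; };
struct pcb { enum state st; uint32_t iss, irs; };  /* our ISN, peer's ISN */

enum verdict model_input(struct pcb *p, const struct seg *s)
{
    uint8_t f = s->flags & (F_SYN | F_ACK);
    if (p->st == LISTEN) {
        if (f != F_SYN)
            return DROP;                 /* model only opens on a bare SYN */
        if (s->src == s->dst && s->sport == s->dport)
            return DROP;                 /* belt: self-connect never hits LISTEN */
        p->irs = s->seq;
        p->st = SYN_RECEIVED;
        return SEND_SYNACK;
    }
    if (p->st == SYN_RECEIVED) {
        if (f == (F_SYN | F_ACK))
            return SEND_RST;             /* suspenders: never take SYN/ACK as ACK */
        if (f == F_SYN)                  /* retransmitted SYN */
            return s->seq == p->irs ? RESEND_SYNACK : DROP;
        if (f == F_ACK)                  /* ACK must cover our SYN/ACK */
            return s->ack == p->iss + 1 ? ACCEPT : SEND_RST;
    }
    return DROP;
}

/* Constructed inputs: feed a SYN, then a second segment, to a fresh listener. */
enum verdict run(uint32_t src, uint32_t dst, uint8_t second_flags, uint32_t second_ack)
{
    struct pcb p = { LISTEN, 1000, 0 };
    struct seg first  = { src, dst, 8080, 8080, F_SYN, 5000, 0 };
    struct seg second = { src, dst, 8080, 8080, second_flags, 5001, second_ack };
    enum verdict v = model_input(&p, &first);
    return v == SEND_SYNACK ? model_input(&p, &second) : v;
}

int main(void)
{
    printf("%d %d %d\n", run(0x0a000001, 0x0a000001, F_ACK, 1001),
           run(0x0a000002, 0x0a000001, F_SYN | F_ACK, 1001),
           run(0x0a000002, 0x0a000001, F_ACK, 1001));
    return 0;
}
```

In the second call src and dst differ, so the belt check does not fire, and the SYN/ACK carries an acknowledgment number that would pass the ACK test; it is the SYN_RECEIVED check alone that answers it with a RST.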
