On Sat, 18 Nov 2000, Jesper Skriver wrote:
> On Fri, Nov 17, 2000 at 02:29:04PM -0800, Alfred Perlstein wrote:
> >
> > Probably not, what if one started a stream of spoofed ICMP lying
> > about the state of the route between the two machines? I have
> > the impression that the Linux box wouldn't be able to connect
> > because of this behavior.
>
> Correct, a attacker could in theory make sure we couldn't connect to
> a given remote box, but as I see it, it's mostly in teory.
>
> We could only react to this if we had a TCP session where we was
> waiting for a SYN/ACK from this specific host, this only leaves a very
> narrow window for a attacker to abuse, as he had to know both
> destination and time.
>
> Do you agree ?
>
> /Jesper
Well, if you honor such messages, don't you have to honor them in the
middle of a connection too? Then you could cause a connection drop at any
time.
It would seem simpler to have the ISP in question use proper RST
responses, or just stop filtering totally.
Mike "Silby" Silbersack
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
