Re: New version of the 2.1 syncookies patch

Alan Cox (alan@cymru.net)
Wed, 4 Jun 1997 13:53:59 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Christopher Blizzard: "Re: Non-Executable Stack Patch"
Previous message: Juan Jose Ciarlante: "Re: IP Alias Limit"
In reply to: kdp0101@hpmail.lrz-muenchen.de: "New version of the 2.1 syncookies patch"
Next in thread: Andreas Ott: "Re: New version of the 2.1 syncookies patch"

> - Fixed a bug in tcp_ipv4.c. tcp_v4_do_rcv didn't pass the IP options
> to the generic tcp code, so it didn't use the correct source routing
> option to send SYNACKs back. This fix makes the code compliant to
> RFC1122 4.2.3.8 again (not tested).

Actually thats a feature to make it harder to attack machines. If you honour
source route on returns you can deduce a lot of the sequence number patterns
for the given host pair

Next message: Christopher Blizzard: "Re: Non-Executable Stack Patch"
Previous message: Juan Jose Ciarlante: "Re: IP Alias Limit"
In reply to: kdp0101@hpmail.lrz-muenchen.de: "New version of the 2.1 syncookies patch"
Next in thread: Andreas Ott: "Re: New version of the 2.1 syncookies patch"