Taken from "Phrack #54", file P54-10:
>If we send a
>packet with a FIN or RST, with a sequence number that is far off of the current
>sequence number expected by the kernel, then the kernel will disregard it.
>However, the sniffer will likely regard this as a legitimate connection close
>request or connection reset, and cease logging.
>
>It is interesting to note that certain implementations of TCP stacks do not
>check the sequence numbers properly upon receipt of an RST. This obviously
>provides a large potential for a denial of service attack. Specifically, I
>have noticed that Digital Unix 4.0d will tear down connections without
>checking the sequence numbers on RST packets.
Do you know if this "misbehaviour" has been fixed with 4.0E?
Massimo Gais <mgais_at_na.astro.it>
----
"640K ought to be enough for anybody."
-- Bill Gates, 1981
Received on Mon Jan 25 1999 - 11:34:55 NZDT
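
The sequence-number check that the quoted passage says some stacks skip on RST, as an added example (not code from this post, from Phrack, or from any vendor's stack). It goes beyond the quote by following the RFC 5961 section 3.2 rule, which is stricter than the original in-window test of RFC 793; the struct, enum and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receive-side state kept by a TCP endpoint or a passive monitor. */
struct rcv_state {
    uint32_t rcv_nxt; /* next sequence number expected from the peer */
    uint32_t rcv_wnd; /* advertised receive window, in bytes */
};

enum rst_verdict { RST_DROP, RST_CHALLENGE, RST_ACCEPT };

/* True when seq is in [rcv_nxt, rcv_nxt + rcv_wnd). Unsigned subtraction is
 * modulo 2^32, so the test holds when the window straddles the wrap point. */
static bool seq_in_window(const struct rcv_state *s, uint32_t seq)
{
    if (s->rcv_wnd == 0)
        return seq == s->rcv_nxt; /* zero window: only the exact value fits */
    return (uint32_t)(seq - s->rcv_nxt) < s->rcv_wnd;
}

/* RFC 5961 section 3.2: an out-of-window RST is discarded, an exact match
 * resets the connection, and an in-window but inexact RST is answered with
 * a challenge ACK instead of tearing the connection down. */
static enum rst_verdict classify_rst(const struct rcv_state *s, uint32_t seq)
{
    if (!seq_in_window(s, seq))
        return RST_DROP;
    return seq == s->rcv_nxt ? RST_ACCEPT : RST_CHALLENGE;
}

int main(void)
{
    /* Constructed sample state and sequence numbers, not captured traffic. */
    static const char *names[] = { "drop", "challenge-ack", "accept" };
    struct rcv_state s = { 0xFFFFFF00u, 0x200u }; /* window wraps past 2^32 */
    uint32_t probes[] = { 0xFFFFFF00u, 0x00000010u, 0x00000100u, 0x7FFFFFFFu };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("RST seq=0x%08X -> %s\n", (unsigned)probes[i],
               names[classify_rst(&s, probes[i])]);
    return 0;
}
```

A sniffer or IDS that tracks connections can apply the same test and keep logging unless the verdict is an accept, since that is the only case in which the endpoint is certain to tear the connection down.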