Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1995: sequence numbers in TCP RST's (was Re: Watcher page moved)

sequence numbers in TCP RST's (was Re: Watcher page moved)

Vern Paxson (vernee.lbl.gov)
Sat, 01 Apr 95 17:03:17 PST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tom Fitzgerald: "ICMP unreachables (was: Watcher page moved...)"
Previous message: Chris Herringshaw: "Re: Network Monitoring and Control (announcement)"

> 	 1) should TCP check the sequence number to avoid RST bombs?
> 
> Not only should but must, and I think does; see RFC 793.

It may be that most TCP's check sequence number of RST's.  I thought
I'd add, though, that there are plenty of TCP implementations which
don't bother to put the correct sequence number into RST's they generate.
I know this because I do a lot of TCP connection analysis by tracing
SYN/FIN/RST packets, and I have to special-case the RST packets in
my scripts because their sequence numbers are often bogus.

		Vern

Next message: Tom Fitzgerald: "ICMP unreachables (was: Watcher page moved...)"
Previous message: Chris Herringshaw: "Re: Network Monitoring and Control (announcement)"