lwip-devel
[
Top
][
All Lists
]
Advanced
[
Date Prev
][Date Next][
Thread Prev
][Thread Next][
Date Index
][
Thread Index
]
[lwip-devel] patch for TCP LAND attack
From
:
Fabian Koch
Subject
:
[lwip-devel] patch for TCP LAND attack
Date
:
Fri, 25 Feb 2011 18:03:38 +0100
Hey all,
I came up with the smalles impact patch I could think of, regarding the TCP LAND attack.
Even though it turns out, the attack causes more harm in other layers of our software, not only LwIP, so this patch does not help me much, personally ;o)
Index: Common/Source/LwIP_132/Source/core/tcp_in.c
===================================================================
--- Common/Source/LwIP_132/Source/core/tcp_in.c (revision 9852)
+++ Common/Source/LwIP_132/Source/core/tcp_in.c (working copy)
@@ -120,9 +120,10 @@
return;
}
- /* Don't even process incoming broadcasts/multicasts. */
+ /* Don't even process incoming broadcasts/multicasts and suspected TCP LAND attacks */
if (ip_addr_isbroadcast(&(iphdr->dest), inp) ||
- ip_addr_ismulticast(&(iphdr->dest))) {
+ ip_addr_ismulticast(&(iphdr->dest)) ||
+ ((tcphdr->src == tcphdr->dest) && ip_addr_cmp(&(iphdr->src), &(iphdr->dest)))) {
TCP_STATS_INC(tcp.proterr);
TCP_STATS_INC(tcp.drop);
snmp_inc_tcpinerrs();
kind regards,
Fabian
reply via email to
[Prev in Thread]
Current Thread
[Next in Thread]
[lwip-devel] patch for TCP LAND attack
,
Fabian Koch
<=
Prev by Date:
[lwip-devel] [bug #32561] tcp_poll argument definition out-of-order in documentation
Previous by thread:
[lwip-devel] [bug #32561] tcp_poll argument definition out-of-order in documentation
Index(es):
Date
Thread