That code will only work if the receiving host has no daemon listening on
that port, you're better off with Alfred's patch.
http://www.freebsd.org/~alred/tcp_fix.diff
(I think)
Omachonu Ogali
Intranova Networking Group
On Thu, 27 Jan 2000, John Watkins wrote:
> Here is a patch for FreeBSD
>
> --- tcp_input.c.orig Tue Apr 20 15:09:15 1999
> +++ tcp_input.c Fri Jan 21 21:53:00 2000
> @@ -398,12 +398,36 @@
> "Connection attempt to TCP %s:%d from
> %s:%d\n",
> buf, ntohs(ti->ti_dport),
> inet_ntoa(ti->ti_src),
> ntohs(ti->ti_sport));
> - }
> + } else if (tiflags & TH_ACK) {
> + /*
> + * Alpha code in response to stream.c
> + * - Omachonu Ogali
> + */
> + char buf[4*sizeof "123"];
> +
> +#ifdef ICMP_BANDLIM
> + if (badport_bandlim(1) < 0)
> + goto drop;
> +#endif
> +
> + strcpy(buf, inet_ntoa(ti->ti_dst));
> + log(LOG_INFO,
> + "received TCP/ACK to non existant
> connection: %s:%d -> %s:%d\n",
> + inet_ntoa(ti->ti_src), ntohs(ti->ti_sport),
> buf,
> ntohs(ti->ti_dport));
> +
> + /*
> + * Drop without reset to prevent smurf-like tcp
> + * attack
> + */
> +
> + goto drop;
> + } else {
> #ifdef ICMP_BANDLIM
> if (badport_bandlim(1) < 0)
> goto drop;
> #endif
> goto dropwithreset;
> + }
> }
> tp = intotcpcb(inp);
> if (tp == 0)
>
Received on Jan 28 2000
Intro
