Vulnerability Development mailing list archives
Re: FreeBSD listen()
From: davids () WEBMASTER COM (David Schwartz)
Date: Sat, 30 Oct 1999 15:14:26 -0700
> Hello David Schwartz, 29.10.1999 0:13, you wrote: FreeBSD listen();
>
> D> It makes no sense at all to use the listen backlog as any sort of security
> D> mechanism. If you only wish to accept one connection, only call 'accept'
> D> once.
>
> accept() just allocates socket for connection that is already established and removes this connection from queue. It works just like getchar() works with keyboard input. Calling accept once doesn't assumes you that only one connection is established - like calling getchar() once doesn't assumes you that only one symbol is entered by user.

So? What good does it do to complete a TCP connection if no data will be passed through it?

> D> This is about active versus passive FTP. It has nothing to do with listen
> D> backlogs or connection counts.
>
> It works in FreeBSD just because of this problem.

That's nonsense. The listen backlog cannot be used as a security mechanism on any platform that I know of.

DS
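The behaviour debated in this message, as an added example that is not part of the original post or of any FreeBSD code: a loopback server with `listen(fd, 1)` calls `accept()` exactly once, yet clients complete their TCP handshake both before and after that call, and only closing the listening socket makes the next connect fail. The function names `client_connect` and `backlog_demo` are hypothetical, and it assumes a POSIX system where the loopback interface is available.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Blocking TCP connect to *srv; returns the fd, or -1 on failure. */
static int client_connect(const struct sockaddr_in *srv) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && connect(fd, (const struct sockaddr *)srv, sizeof *srv) < 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Bitmask result (-1 on setup error): 1 = client connected before any accept(),
 * 2 = another connected after the single accept(), 4 = refused after close(). */
int backlog_demo(void) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* sin_port 0: kernel picks a port */
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || bind(ls, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(ls, 1) < 0 || getsockname(ls, (struct sockaddr *)&a, &len) < 0) {
        close(ls);
        return -1;
    }
    int c1 = client_connect(&a);      /* handshake completed by the kernel */
    if (c1 < 0) { close(ls); return -1; }
    int result = 1;
    int s1 = accept(ls, NULL, NULL);  /* the one and only accept() */
    int c2 = client_connect(&a);      /* still completes; nobody will accept it */
    if (c2 >= 0) result |= 2;
    close(ls);                        /* this is what stops new connections */
    int c3 = client_connect(&a);
    if (c3 < 0) result |= 4;
    int fds[] = {c1, s1, c2, c3};
    for (int i = 0; i < 4; i++)
        if (fds[i] >= 0) close(fds[i]);
    return result;
}

int main(void) {
    printf("result mask: %d\n", backlog_demo());
    return 0;
}
```

What happens to connection attempts that arrive while the queue is already full differs between platforms, so the example does not exercise that case.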