Subject: Re: tcpdrop for NetBSD
To: None <tech-net@NetBSD.org>
From: Dheeraj S <dheeraj@ece.gatech.edu>
List: tech-net
Date: 05/11/2005 10:59:35
On Wed, May 11, 2005 at 05:22:32AM -0400, D'Arcy J.M. Cain wrote:

> On Wed, 11 May 2005 08:35:39 +0200
> Martin Husemann <martin@duskware.de> wrote:
> > This is not an argument pro/cons including this functionality, but can
> > you please give an example of why/when this would be useful? I think
> > I never missed this feature myself, so I'm curious.
> 

Quoting the original author from another BSD, from which I shamelessly stole
the idea.

"While working on a fix for a denial of service attack involving out-of-order TCP packets, I've found that it's hard for an administrator to terminate a misbehaving TCP connection. Usually you have to kill the application, unless there is a way to tell it to close a given socket. The attack mentioned before can even lead to situations where closing the socket does not help (e.g., when the connection is in the FIN_WAIT2 state).

Without tcpdrop, you could use a packet-generating tool like libdnet and send out fake TCP resets. However, this is difficult since it requires that the administrator figure out the correct TCP sequence numbers."

I do not administer any NetBSD boxes myself (except for a few in my home
network), so personally I have no need for this functionality.

truly
dheeraj
-- 
"Nature wants us to react, return blow for blow, cheating for cheating, lie for
lie, and then it requires a Divine power not to hit-back, keep control and 
remain unattached, and act with prudence."