Blind reset Attack using SYN in NPF

To: tech-net%netbsd.org@localhost
Subject: Blind reset Attack using SYN in NPF
From: Emmanuel Nyarko <emmankoko519%gmail.com@localhost>
Date: Fri, 4 Apr 2025 18:19:09 +0000

RFC 5961 implements mitigations against Blind reset Attack using RST, SYN or data.

It is already handled in NetBSD TCP stack.

A tasklist indicate it to be handled in NPF

But will it be ideal to also implement in NPF ? Maybe I think to be extra security in that NPF doesn’t even let potential attacks get to our network stack.

Emmanuel

Follow-Ups:
- Re: Blind reset Attack using SYN in NPF
  - From: Greg Troxel

Prev by Date: Coverity scan: Socket options
Next by Date: Re: IPv6: NetBSD does not respond to NS for non-link local addresses
Previous by Thread: Coverity scan: Socket options
Next by Thread: Re: Blind reset Attack using SYN in NPF
Indexes:

Home | Main Index | Thread Index | Old Index