From owner-FreeBSD-net-jp@jp.freebsd.org  Sun Sep 19 12:59:54 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id MAA07964;
	Sun, 19 Sep 1999 12:59:54 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mail.keim.cs.gunma-u.ac.jp (zeus.keim.cs.gunma-u.ac.jp [133.8.13.11])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id MAA07959
	for <FreeBSD-net-jp@jp.freebsd.org>; Sun, 19 Sep 1999 12:59:53 +0900 (JST)
	(envelope-from j5306050@cs.gunma-u.ac.jp)
Received: from localhost (nike.keim.cs.gunma-u.ac.jp [133.8.13.71])
	by mail.keim.cs.gunma-u.ac.jp (8.9.3/3.7W) with ESMTP id MAA16460
	for <FreeBSD-net-jp@jp.freebsd.org>; Sun, 19 Sep 1999 12:58:22 +0900 (JST)
To: FreeBSD-net-jp@jp.freebsd.org
In-Reply-To: Your message of "Sun, 19 Sep 1999 09:46:12 +0900"
	<005501bf0238$5fb53b00$8a8dd5ca@cong>
References: <005501bf0238$5fb53b00$8a8dd5ca@cong>
X-Mailer: Mew version 1.93 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990919125821I.j5306050@cs.gunma-u.ac.jp>
Date: Sun, 19 Sep 1999 12:58:21 +0900
From: Matsumura Naoki <j5306050@cs.gunma-u.ac.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 28
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-net-jp 1935
Subject: [FreeBSD-net-jp 1935] IP spoofing
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: j5306050@cs.gunma-u.ac.jp

$B$^$D$`$i$G$9!#A4A34X78$J$$$s$G$9$,!"(B

From: "congshiping" <vn5s-cng@asahi-net.or.jp>
Subject: [FreeBSD-net-jp 1929] IP $B1#$7(B 

> $B%$%s%?!<%M%C%H$N%U%)!<%i%`$GH/8@$9$k$H$-!"Aj<j$O$3$A$i$N#I#P$rI=<((B
> $B$9$k$H$-$,$"$j$^$9!#$3$l$r1#$7$?$$$G$9!#(B

$B$F$J$H$-$K!"0-$$?M$,;H$+$b$7$l$J$$<j$N0l$D$K(B IP spoofing $B$,$"$j$^$9$,!"(B
FreeBSD $B$G$O(B TCP $B%X%C%@$N56B$$KBP$7$F==J,(B secure $B$J$N$G$7$g$&$+(B?


$B0l1~!"KM$O(B IP spoofing $B$K$D$$$F0J2<$N$h$&$KM}2r$7$F$^$9(B($B4V0c$C$F$$$k(B
$B$+$b$7$l$^$;$s$,(B)$B!#(B

  $B%/%i%$%"%s%H(BA $B$,%5!<%P(BB $B$KBP$7$F(B TCP $B%3%M%/%7%g%s$rD%$k:]!"(B
      1 A (SYN) => B
      2 X <= (SYN, ACK) B
      3 A (ACK) => B
  $B$H$$$C$?(B 3-way $B%O%s%I%7%'%$%/$r9T$&$,!"(B2$B$G(BB$B$,Aw$C$?(B ($BH/?.85(B IP $B%"%I%l%9$r(B
  $B56B$$7$F$$$k$+$i<u?.$G$-$J$$(B) TCP$B$N(B sequence number ($B$3$l$O(BB$B$,E,Ev$J(B
  $B%"%k%4%j%:%`$G>!<j$K@8@.$9$k(B)$B$,J,$+$i$J$$$H(B3$B$N(B ACK $B$rJV$;$J$$!#(B

  $B$h$C$F!"(BB$B$N(B sequence number $B@8@.%"%k%4%j%:%`$K!"(BA$B$K$H$C$FM=B,:$Fq$J$b$N$r(B
  $B:NMQ$9$k;v$G!"KI8f$,2DG=!#(B

$B$G!"(BFreeBSD $B$N(B sequence number $B@8@.%"%k%4%j%:%`$O!"30It$+$i(B
$BM=B,IT2DG=$J$N$+$I$&$+!"$H$$$&$N$r$*J9$-$7$?$$$G$9!#(B
