Re: Excellent host SYN-attack fix for BSD hosts

davidswiznet.net

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Vern Paxson: "Re: Excellent host SYN-attack fix for BSD hosts"
• Previous message: Perry E. Metzger: "Re: ftpd bug? Was: bin/1805: Bug in ftpd"
• In reply to: Casper Dik: "Re: Excellent host SYN-attack fix for BSD hosts"
• Next in thread: D. J. Bernstein: "Re: Excellent host SYN-attack fix for BSD hosts"

        If I understand T/TCP correctly, the SYN cookies approach
shouldn't affect it at all. T/TCP only kicks in when you're talking to a
host you've talked to before. SYN cookies could easily be employed only
when talking to a host not in the host cache. (Which would likely happen
automatically because you check against the host cache before normal SYN
handling for the three-way handshake)

        DS

On Wed, 16 Oct 1996, Casper Dik wrote:

> >According to Avi Freedman:
> >> contains a few bits for reference into a table of MSS values; window size
> >> and any initial data is discarded; and the rest of the ISS is the MD5 output
> >
> >It will also break T/TCP I think. While it is not a big issue at the moment
> >it may become a real one later. Stevens in his thirs volume describe why
> >T/TCP is a good thing and it will be seen more and more in the future.

• Next message: Vern Paxson: "Re: Excellent host SYN-attack fix for BSD hosts"
• Previous message: Perry E. Metzger: "Re: ftpd bug? Was: bin/1805: Bug in ftpd"
• In reply to: Casper Dik: "Re: Excellent host SYN-attack fix for BSD hosts"
• Next in thread: D. J. Bernstein: "Re: Excellent host SYN-attack fix for BSD hosts"