Re: TCP vulnerability
From: Andre Oppermann (andre_at_freebsd.org)
Date: 04/24/04
- Previous message: Alan Evans: "Re: TCP vulnerability"
- In reply to: Alan Evans: "Re: TCP vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 24 Apr 2004 18:05:45 +0200
To: Alan Evans <evans.alan@sbcglobal.net>
Alan Evans wrote:
>
> I agree, but what's most important is to maintain
> backward compatibility. If one breaks it, it's a DoS
> in some sense. I also saw some postings on NetBSD
> which does ratelimiting of ACKs (in response to SYNs),
> and ACKs RST. IMHO, the latter is bogus - why ACK a
> RST? And, the former may impose an artificial limit
> of some sort.
Dunno about the rate limiting. The ACK of the RST is recommended
in the paper you have referenced, but only when the sequence number of
the segment with the RST is not the next expected but within the
window. Makes sense to reduce the chances of a successful blind
reset from 2^32/win to 2^32. With large windows definitely a win
by an order of magnitude.
-- Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"