From owner-freebsd-arch Wed Jul 18 14:03:55 2001
Delivered-To: freebsd-arch@freebsd.org
Date: Wed, 18 Jul 2001 16:03:45 -0500
From: Jonathan Lemon
To: Chris Peterson
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
Message-ID: <20010718160345.J74461@prism.flugsvamp.com>
In-Reply-To: <001101c10fcc$7a7927f0$a586fa18@chris>

On Wed, Jul 18, 2001 at 01:59:04PM -0700, Chris Peterson wrote:
> to defend against SYN floods. I don't know if he has implemented it or if
> his idea is even feasible. His algorithm is so simple, I suspect he must be
> overlooking something.

It's not feasible; he's overlooking several things. Among them are:

1. it is susceptible to replay attacks,
2. the secret is per IP, and
3. "having the response go nowhere" is not a valid defense, if the
   attacker can guess it.
--
Jonathan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
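The three objections above (replay, a per-IP secret, guessability) are exactly the properties a stateless SYN-flood defense has to get right. The message does not describe the proposal it is criticising, so the following is an added example of the standard construction those objections point at, SYN cookies in the style of D. J. Bernstein, rather than code from this thread, from the proposal, or from FreeBSD. It assumes a constructed host-wide secret, a simplified split of the 32-bit ISN into a 5-bit 64-second time counter and a 27-bit keyed hash, and omits the MSS encoding a real implementation carries; the addresses, ports and timestamps in `demo()` are constructed.

```python
"""Stateless SYN/ACK validation in the style of SYN cookies (added example)."""
import hashlib
import hmac
import struct
from ipaddress import ip_address

# Constructed for this example only: a fixed 128-bit server secret. A real
# stack draws it from the kernel RNG at boot; it is one secret for the host,
# not one per client IP.
SERVER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")

TIME_SLOT = 64                 # seconds per counter tick (classic SYN cookies)
COUNTER_BITS = 5               # top bits of the ISN carry the time counter
COUNTER_MASK = (1 << COUNTER_BITS) - 1
HASH_BITS = 32 - COUNTER_BITS  # remaining bits carry the keyed hash
HASH_MASK = (1 << HASH_BITS) - 1


def _slot(now):
    """Coarse time counter that is baked into every cookie."""
    return (int(now) // TIME_SLOT) & COUNTER_MASK


def _keyed_hash(secret, src_ip, src_port, dst_ip, dst_port, slot):
    """HMAC over the 4-tuple and the time slot, truncated to HASH_BITS."""
    msg = (ip_address(src_ip).packed + ip_address(dst_ip).packed
           + struct.pack("!HHB", src_port, dst_port, slot))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_isn(secret, src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Server ISN for the SYN/ACK; nothing about this SYN is stored."""
    slot = _slot(now)
    h = _keyed_hash(secret, src_ip, src_port, dst_ip, dst_port, slot)
    # Fold in the client's ISN so the low bits are not reusable across SYNs.
    return (slot << HASH_BITS) | ((h + client_isn) & HASH_MASK)


def check_ack(secret, src_ip, src_port, dst_ip, dst_port, ack_seq, ack_num, now):
    """Decide whether a bare ACK completes a handshake we issued a cookie for.

    ack_seq is the client's sequence number on the ACK (its ISN + 1) and
    ack_num acknowledges our ISN + 1, so both ISNs are recovered from the
    packet itself and no per-connection state is needed.
    """
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    cookie = (ack_num - 1) & 0xFFFFFFFF
    slot = cookie >> HASH_BITS
    # Replay bound: accept only cookies minted in this or the previous slot.
    if (_slot(now) - slot) & COUNTER_MASK > 1:
        return False
    h = _keyed_hash(secret, src_ip, src_port, dst_ip, dst_port, slot)
    return (cookie & HASH_MASK) == ((h + client_isn) & HASH_MASK)


def demo():
    """Walk through an honest handshake and three attacks; returns the verdicts."""
    client, server = "198.51.100.7", "192.0.2.1"      # constructed addresses
    sport, dport, client_isn, t0 = 40000, 80, 123456789, 1_000_000
    isn = make_isn(SERVER_SECRET, client, sport, server, dport, client_isn, t0)
    ack_seq = (client_isn + 1) & 0xFFFFFFFF
    ack_num = (isn + 1) & 0xFFFFFFFF
    args = (SERVER_SECRET, client, sport, server, dport)
    return {
        # honest client answers within the slot
        "legit": check_ack(*args, ack_seq, ack_num, t0 + 10),
        # same packet captured and replayed 200 s later: three slots old
        "replayed_later": check_ack(*args, ack_seq, ack_num, t0 + 200),
        # same cookie presented on a different source port
        "other_port": check_ack(SERVER_SECRET, client, sport + 1, server, dport,
                                ack_seq, ack_num, t0 + 10),
        # blind guess: a cookie off by one fails the keyed hash
        "guessed": check_ack(*args, ack_seq, (ack_num + 1) & 0xFFFFFFFF, t0 + 10),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} {'accepted' if ok else 'rejected'}")
```

Two design points map directly onto the objections in the message. The time counter in the top bits is what bounds replay: a captured ACK is only good for about two 64-second slots, after which the server refuses it without consulting any state. The secret is one value for the whole host and is mixed with the full 4-tuple, so nothing an attacker learns from one accepted connection (even its own) lets it mint cookies for another port or address; a blind guess at the 27 hash bits succeeds once in 2^27 tries. Real SYN cookies additionally encode the MSS in a few of those bits and give up window scaling and SACK negotiation while cookies are in use, which this sketch leaves out.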