Date: Fri, 14 May 1999 13:17:26 -0700 (PDT) From: Thamer Al-Herbish <shadows@whitefang.com> To: security@FreeBSD.ORG Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD Message-ID: <Pine.BSF.4.05.9905141314001.253-100000@rage.whitefang.com> In-Reply-To: <4.2.0.37.19990514133829.0461e220@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 May 1999, Brett Glass wrote: > One question about "the Linux way of doing it" as described > below. What happens if the secret just happens to be modified > right after the SYN-ACK? Could be you'd drop a connection or > two that was legitimate. Seems like you'd need to test against > an old AND a new secret to avoid the race condition, especially > in the presence of congestion. There were a few "trade offs" with the implementation. I have a copy of the syn-cookies mailing list archive. Forgot where I originally got it from: http://www.whitefang.com/syn-cookies.txt Oh and here's the obligatory question: has anyone already attempted to write a cookie mechanism for fbsd? -- Thamer Al-Herbish PGP public key: shadows@whitefang.com http://www.whitefang.com/pgpkey.txt [ The Secure UNIX Programming FAQ http://www.whitefang.com/sup/ ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9905141314001.253-100000>