Date: Fri, 4 Oct 2002 10:22:53 -0700 (PDT)
Message-Id: <200210041722.g94HMrbG002976@vashon.polstra.com>
To: net@freebsd.org
From: John Polstra <jdp@polstra.com>
Cc: julian@elischer.org
Subject: Re: Anyone T/TCP?
In-Reply-To: <Pine.BSF.4.21.0210040804420.13322-100000@InterJet.elischer.org>
References: <Pine.BSF.4.21.0210040804420.13322-100000@InterJet.elischer.org>
Organization: Polstra & Co., Seattle, WA

In article <Pine.BSF.4.21.0210040804420.13322-100000@InterJet.elischer.org>,
Julian Elischer  <julian@elischer.org> wrote:
> Richard Stevens was the great T/TCP proponent. Since his untimely
> demise, it has been languishing.. I think many firewalls now routinely
> block packets with both SYN and FIN which is what T/TCP does.

Accepting incoming T/TCP creates a pretty serious DoS vulnerability,
doesn't it?  The very first packet contains the request, which the
server must act upon and reply to without further delay.  There is no
3-way handshake, so a simple attack using spoofed source addresses can
impose a huge load on the victim.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa
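As an added illustration, not part of this thread or of any FreeBSD code: the property the discussion turns on, SYN and FIN set together in the opening segment, decoded from the raw TCP header so a filter can recognise and drop it. The header layout follows RFC 793; the sample segments and the `make_segment` helper are constructed here for the demonstration.

```python
import struct

# TCP flag bits in the low byte of the offset/flags field (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the fixed TCP header and return ports, flags and payload length."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4      # header length in bytes
    flags = off_flags & 0x3F                 # low 6 bits: URG ACK PSH RST SYN FIN
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "payload_len": len(segment) - data_offset,
    }


def classify(segment: bytes) -> str:
    """Label a segment the way a SYN+FIN filter would see it."""
    info = parse_tcp_segment(segment)
    f = info["flags"]
    if f & SYN and f & FIN:
        # T/TCP-style open: request data and close arrive in one segment
        # before any handshake has confirmed the peer's source address.
        return "syn+fin"
    if f & SYN and not f & ACK:
        return "syn"
    if f & SYN and f & ACK:
        return "syn-ack"
    return "data" if info["payload_len"] else "control"


def should_drop(segment: bytes) -> bool:
    """The firewall policy mentioned in the thread: drop SYN+FIN segments."""
    return classify(segment) == "syn+fin"


def make_segment(sport, dport, flags, payload=b"") -> bytes:
    """Build a minimal 20-byte-header TCP segment (constructed test input)."""
    off_flags = (5 << 12) | flags            # 5 x 32-bit words, no options
    hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 0, off_flags, 65535, 0, 0)
    return hdr + payload


# Constructed samples: an ordinary SYN and a T/TCP-style SYN+FIN carrying a request.
PLAIN_SYN = make_segment(40000, 80, SYN)
TTCP_OPEN = make_segment(40001, 80, SYN | FIN | PSH, b"GET / HTTP/1.0\r\n\r\n")
```

The checksum and window fields are left at placeholder values because the filter decision depends only on the flag byte.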