Date: Fri, 4 Oct 2002 10:22:53 -0700 (PDT)
Message-Id: <200210041722.g94HMrbG002976@vashon.polstra.com>
To: net@freebsd.org
From: John Polstra
Cc: julian@elischer.org
Subject: Re: Anyone T/TCP?
Organization: Polstra & Co., Seattle, WA

In article , Julian Elischer wrote:
> Richard Stevens was the great T/TCP proponent. Since his untimely
> demise, it has been languishing.. I think many firewalls now routinely
> block packets with both SYN and FIN which is what T/TCP does.

Accepting incoming T/TCP creates a pretty serious DoS vulnerability,
doesn't it? The very first packet contains the request, which the
server must act upon and reply to without further delay. There is no
3-way handshake, so a simple attack using spoofed source addresses can
impose a huge load on the victim.

John
--
John Polstra
John D. Polstra & Co., Inc.                  Seattle, Washington USA
"Disappointment is a good sign of basic intelligence."
                                                  -- Chögyam Trungpa
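The filtering mentioned in this message, as an added example that is not part of the original post: a classifier that inspects a raw TCP segment and reports the traits of a T/TCP opening (SYN together with FIN, data on the initial SYN, or an RFC 1644 CC option). The function names and both sample segments are constructed for illustration.

```python
import struct

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10
# TCP option kinds defined for T/TCP in RFC 1644
TTCP_OPTS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}

def parse_options(opts):
    """Yield (kind, data) per TCP option; stop quietly on malformed lengths."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            return
        if kind == 1:            # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            return
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return
        yield kind, opts[i + 2:i + length]
        i += length

def classify(segment):
    """Return the reasons a TCP segment looks like a T/TCP opening."""
    if len(segment) < 20:
        return ["truncated header"]
    hdr_len = (segment[12] >> 4) * 4
    flags = segment[13]
    if hdr_len < 20 or hdr_len > len(segment):
        return ["bad data offset"]
    reasons = []
    if flags & SYN and flags & FIN:
        reasons.append("SYN+FIN")
    if flags & SYN and not flags & ACK and len(segment) > hdr_len:
        reasons.append("data on initial SYN")
    for kind, _ in parse_options(segment[20:hdr_len]):
        if kind in TTCP_OPTS:
            reasons.append(TTCP_OPTS[kind] + " option")
    return reasons

def build(flags, options=b"", payload=b""):
    """Build a constructed sample segment (checksum left at zero)."""
    opts = options + b"\x00" * (-len(options) % 4)
    off = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off << 4, flags, 65535, 0, 0)
    return hdr + opts + payload

PLAIN_SYN = build(SYN, b"\x02\x04\x05\xb4")            # ordinary SYN with MSS option
TTCP_OPEN = build(SYN | FIN | PSH, b"\x01\x01\x0b\x06\x00\x00\x00\x01",
                  b"GET / HTTP/1.0\r\n\r\n")           # request carried in first packet
```

A filter that drops or logs any segment with a non-empty result rejects the single-packet request before the server does work for an unverified source address, while an ordinary SYN passes through.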