Date:      Fri, 04 Oct 2002 10:34:01 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        John Polstra <jdp@polstra.com>
Cc:        net@freebsd.org, julian@elischer.org
Subject:   Re: Anyone T/TCP?
Message-ID:  <3D9DD109.6030105@tenebras.com>
References:  <Pine.BSF.4.21.0210040804420.13322-100000@InterJet.elischer.org> <200210041722.g94HMrbG002976@vashon.polstra.com>

John Polstra wrote:

> Accepting incoming T/TCP creates a pretty serious DoS vulnerability,
> doesn't it?  The very first packet contains the request, which the
> server must act upon and reply to without further delay.  There is no
> 3-way handshake, so a simple attack using spoofed source addresses can
> impose a huge load on the victim.

Right.  It's reasonable to use T/TCP when the transactions contain
an authenticator, and in a VPN.  For public access, it's subject to
attacks for which there are no adequate countermeasures.

