New Denial of Service Attack on Panix

Avi Freedman freedman at netaxs.com
Thu Oct 3 19:37:40 UTC 1996


> But of course. The problem is that SYN_RCVD is a transient state in the
> TCP automaton, and it requires some resource allocation. Life
> might have been a little bit different if servers weren't forced
> to track this state. Something like a signed ticket accompanying the
> second SYN and the following ACK.
> 
> Dima

That's the idea of making the iss a ticket that includes mss info and
a hash of the other info plus a security ticket.

I had hoped to work on that but it looks like someone else local is almost
done and claims that ignoring window size and any data with the SYN(s)
is harmless...

Avi
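
The ticket idea discussed in this thread, sketched as an added example (it is not code from the thread or from the implementation Avi mentions). The bit layout, MSS table, key, tick counter and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed layout (not from the post): 5-bit time counter | 3-bit MSS index | 24-bit MAC.
SECRET = b"constructed-demo-key"   # constructed; a real host would use a random per-boot key
MSS_TABLE = (216, 536, 1024, 1220, 1440, 1460, 4312, 8960)  # constructed table, 8 classes
MAX_AGE = 2                        # counter ticks for which an ISS stays acceptable


def _mac24(conn, client_isn, counter, mss_idx):
    """24-bit keyed hash over the 4-tuple, the client's ISN, the tick and the MSS class."""
    msg = repr((conn, client_isn, counter, mss_idx)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_iss(conn, client_isn, client_mss, counter):
    """Build the server ISS for a SYN-ACK without storing any per-connection state."""
    # Round the advertised MSS down to a table entry (smallest entry if below all of
    # them). Only this class survives; window size and SYN data are not kept.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(conn, client_isn, counter, mss_idx), "big")
    return ((counter % 32) << 27) | (mss_idx << 24) | mac


def check_ack(conn, client_isn, ack_number, now_counter):
    """Validate the final ACK; return the recovered MSS, or None to drop the segment."""
    iss = (ack_number - 1) & 0xFFFFFFFF       # the ACK acknowledges ISS + 1
    age = (now_counter - (iss >> 27)) % 32
    if age > MAX_AGE:
        return None                           # ticket expired, or counter bits forged
    mss_idx = (iss >> 24) & 0x7
    expected = _mac24(conn, client_isn, now_counter - age, mss_idx)
    if not hmac.compare_digest(expected, (iss & 0xFFFFFF).to_bytes(3, "big")):
        return None                           # not an ISS issued to this peer
    return MSS_TABLE[mss_idx]
```

The server allocates nothing on the SYN; a connection is created only when `check_ack` returns an MSS, so a flood of SYNs with no matching ACK never reaches the SYN_RCVD queue.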





