Bugtraq mailing list archives

Re: Excellent host SYN-attack fix for BSD hosts

From: davids () wiznet net (David Schwartz)
Date: Wed, 16 Oct 1996 13:27:36 -0400


        If I understand T/TCP correctly, the SYN cookies approach
shouldn't affect it at all. T/TCP only kicks in when you're talking to a
host you've talked to before. SYN cookies could easily be employed only
when talking to a host not in the host cache. (Which would likely happen
automatically because you check against the host cache before normal SYN
handling for the three-way handshake)

        DS

On Wed, 16 Oct 1996, Casper Dik wrote:

According to Avi Freedman:

contains a few bits for reference into a table of MSS values; window size
and any initial data is discarded; and the rest of the ISS is the MD5 output


It will also break T/TCP I think. While it is not a big issue at the moment
it may become a real one later. Stevens in his thirs volume describe why
T/TCP is a good thing and it will be seen more and more in the future.

Current thread:

SECURITY HOLE IN AUTHENTICATION FORWARDING, (continued)
- - SECURITY HOLE IN AUTHENTICATION FORWARDING Charles M. Hannum (Oct 10)
    - Re: SECURITY HOLE IN AUTHENTICATION FORWARDING Tatu Ylonen (Oct 13)
  - InterNIC Shenanigans (crypt-pw) Sean B. Hamor (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Yiorgos Adamopoulos (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Igor Chudov @ home (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Steve Reid (Oct 12)
    - Re: InterNIC Shenanigans (crypt-pw) Rogue Agent (Oct 12)
  - Excellent host SYN-attack fix for BSD hosts Avi Freedman (Oct 11)
    - Re: Excellent host SYN-attack fix for BSD hosts Ollivier Robert (Oct 15)
    - Re: Excellent host SYN-attack fix for BSD hosts Casper Dik (Oct 16)
    - Re: Excellent host SYN-attack fix for BSD hosts David Schwartz (Oct 16)
  - Exploit for 1.2.X (maybe some 1.3.X) kernels Marin Purgar - PMC (Oct 11)