Bugtraq mailing list archives

Re: Ambiguities in TCP/IP - firewall bypassing


From: Tony Finch <dot () dotat at>
Date: Sat, 19 Oct 2002 02:33:57 +0100

Alun Jones <alun () texis com> wrote:

> Not necessarily.  Have you heard of T/TCP?  Before that was around, I
> remember hearing discussion of using a packet with SYN, FIN, and data all
> in one, to cut down on round-trips in really short communications, while
> still providing reliability.

One of the problems with T/TCP on the wider Internet is that it is almost
as vulnerable to source address spoofing as UDP, so security facilities
like those provided by tcp_wrappers (and built into many daemons) are
no longer so effective. With vanilla TCP, the T/TCP combination of
SYN+data+FIN isn't useful, because the passive end should discard data that
arrives before the handshake is completed in order to preserve its
spoof-resistance, therefore requiring a retransmit.

Tony.
-- 
f.a.n.finch <dot () dotat at> http://dotat.at/
FORTIES CROMARTY FORTH TYNE DOGGER: NORTHWESTERLY 4 OR 5, OCCASIONALLY 6.
SHOWERS. GOOD.
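The distinction Tony draws above, between a passive end that holds SYN-carried data until the handshake proves the source address and a T/TCP-style end that delivers it immediately, is modelled in the following toy simulation. This is an added example, not code from the original post or from any TCP implementation; the segment format, the `allowed_sources` list standing in for a tcp_wrappers ACL, and the two policy names are assumptions made for the simulation. It shows why an address-based access control is only meaningful under the first policy: a segment with a forged source address passes the ACL either way, but only the handshake policy withholds the data from the application because the third segment of the handshake never arrives.

```python
"""Toy model of a passive TCP endpoint receiving SYN+data+FIN.

Two receiver policies are modelled (names are this example's own):
  "handshake": vanilla TCP behaviour from the post; data arriving on the
               SYN is held until the ACK of our SYN/ACK proves the peer
               can receive traffic at the claimed source address.
  "tao":       T/TCP-style behaviour; data is delivered to the application
               as soon as the SYN arrives, with no proof of the source.
All addresses, sequence numbers and ACL entries are constructed sample values.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    syn: bool = False
    ack: bool = False
    fin: bool = False
    seq: int = 0
    ack_num: int = 0
    data: bytes = b""


@dataclass
class Connection:
    peer: str
    irs: int                    # peer's initial sequence number
    iss: int                    # our initial sequence number
    state: str = "SYN-RECEIVED"
    pending: bytes = b""        # data held until the handshake completes
    delivered: bytes = b""      # data handed to the application
    fin_seen: bool = False


class PassiveEndpoint:
    def __init__(self, addr, allowed_sources, policy="handshake", iss=1000):
        self.addr = addr
        self.allowed = set(allowed_sources)   # tcp_wrappers-style source ACL
        self.policy = policy
        self.iss = iss
        self.conns = {}                       # keyed by peer address
        self.sent = []                        # segments we would transmit

    def receive(self, seg):
        """Process one segment; returns a short status string."""
        if seg.dst != self.addr:
            return "not for us"
        if seg.syn and not seg.ack:
            # Address-based check happens here, before any proof of origin.
            if seg.src not in self.allowed:
                return "dropped: source not in ACL"
            conn = Connection(peer=seg.src, irs=seg.seq, iss=self.iss)
            self.conns[seg.src] = conn
            # SYN/ACK goes to the claimed source; a spoofer never sees it.
            self.sent.append(Segment(src=self.addr, dst=seg.src, syn=True,
                                     ack=True, seq=self.iss, ack_num=seg.seq + 1))
            conn.fin_seen = seg.fin
            if seg.data:
                if self.policy == "tao":
                    conn.delivered += seg.data      # trusts the source address
                else:
                    conn.pending += seg.data        # held until proof arrives
            return "syn-received"
        if seg.ack and not seg.syn:
            conn = self.conns.get(seg.src)
            if conn is None or conn.state != "SYN-RECEIVED":
                return "dropped: no matching half-open connection"
            if seg.ack_num != conn.iss + 1:
                return "dropped: bad ack number"
            # Third segment proves the peer saw our SYN/ACK at that address.
            conn.state = "ESTABLISHED"
            conn.delivered += conn.pending
            conn.pending = b""
            return "established"
        return "dropped: unhandled segment"


def simulate(policy, sender_can_see_replies):
    """Run one SYN+data+FIN exchange; returns bytes delivered to the app.

    sender_can_see_replies=False models a forged source address: the
    SYN/ACK goes to the real owner of 10.0.0.5, so no ACK ever comes back.
    """
    server = PassiveEndpoint("10.0.0.1", allowed_sources=["10.0.0.5"], policy=policy)
    payload = b"GET /status"                     # constructed sample request
    server.receive(Segment(src="10.0.0.5", dst="10.0.0.1", syn=True, fin=True,
                           seq=500, data=payload))
    if sender_can_see_replies:
        synack = server.sent[-1]
        server.receive(Segment(src="10.0.0.5", dst="10.0.0.1", ack=True,
                               seq=synack.ack_num, ack_num=synack.seq + 1))
    return server.conns["10.0.0.5"].delivered


if __name__ == "__main__":
    for policy in ("handshake", "tao"):
        for legit in (True, False):
            print(policy, "legitimate" if legit else "forged-source",
                  simulate(policy, legit))
```

Under the "handshake" policy the forged-source case delivers nothing (the data sits in `pending` and would need a retransmit after the handshake, exactly as the post says), while the "tao" policy delivers it to the application, which is the sense in which an ACL keyed on source address stops protecting the daemon.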

