Dailydave mailing list archives
Re: Cisco, and software patents.
From: Matt Hargett <matt () use net>
Date: Wed, 12 May 2004 13:49:36 -0700
Florian Weimer wrote:
IMHO, there are two flaws. The first one is the change that advises to send an ACK in response to certain RST segments. This seems to be an unnecessarily drastic change to the TCP state machine. My other concern is more fundamental: If we start fixing weak points of the TCP state machine by fiddling with it, we might be forced to roll out a TCP upgrade twice a year, for the foreseeable future. This is not acceptable. If we want to protect the TCP state engine against blind insertion attacks, we should introduce a "v-tag" or "cookie" that is the same in both directions, is negotiated at connection establishment, and remains constant during its lifetime. This concept is borrowed from SCTP, so it should be free from IPR claims.
Didn't Moskowitz suggest the same thing with his HIP (Host Identification Protocol) proposal 4 or 5 years ago? (I think it was 2000, but my memory is fuzzy.) I personally find both to be equally impractical, to the point where I thought Moskowitz was joking when he made his proposal at the DDoS BoF at NANOG. He seemed to think a solution like this one would get deployed before IPv6, which was probably more correct than it is now, but still seems quite delusional to me.
Of course, if Cisco backs some "solution" and just puts it into IOS, then it will by default be used. Same as if Microsoft put something similar into a service pack and didn't give people the option to not use it.
At the very least, it doesn't violate the "smart ends, dumb middle" ethic like so many other proposed solutions to DDoS problems people kept suggesting when I still paid attention to these things.
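To make the "v-tag" idea in the quoted proposal concrete, here is an added simulation (not code from either poster): a classic receiver honours a RST whose sequence number merely lands in the receive window, while a receiver with an SCTP-style verification tag also requires the 32-bit tag agreed at connection setup. It assumes a 65535-byte window and that the tag travels in every segment; the receiver classes, `negotiate_tag` and `blind_rst_trials` are constructed for illustration.

```python
import random

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq: int, rcv_nxt: int, window: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + window) modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < window


class PlainReceiver:
    """Classic behaviour: a RST is honoured whenever its sequence number is in
    the window, so a blind sender only has to land inside `window` values."""

    def __init__(self, rcv_nxt: int, window: int = 65535):
        self.rcv_nxt, self.window = rcv_nxt, window

    def accepts_rst(self, seq: int, tag: int = 0) -> bool:
        return in_window(seq, self.rcv_nxt, self.window)


class TaggedReceiver(PlainReceiver):
    """Receiver with a verification tag (modelled on SCTP): the 32-bit value
    chosen at connection setup must match in addition to the window test."""

    def __init__(self, rcv_nxt: int, vtag: int, window: int = 65535):
        super().__init__(rcv_nxt, window)
        self.vtag = vtag

    def accepts_rst(self, seq: int, tag: int = 0) -> bool:
        return tag == self.vtag and super().accepts_rst(seq)


def negotiate_tag(rng: random.Random) -> int:
    """Connection setup: the tag is a fresh 32-bit random value. Constructed;
    the wire encoding of such a tag is not specified here."""
    return rng.getrandbits(32)


def blind_rst_trials(receiver: PlainReceiver, attempts: int, seed: int) -> int:
    """Count blindly guessed RSTs (random seq and random tag, since a sender
    that sees neither can only guess) that the receiver would accept.
    Constructed simulation over integers, not a packet generator."""
    rng = random.Random(seed)
    return sum(receiver.accepts_rst(rng.getrandbits(32), rng.getrandbits(32))
               for _ in range(attempts))


if __name__ == "__main__":
    rng = random.Random(1)
    rcv_nxt = rng.getrandbits(32)
    plain = PlainReceiver(rcv_nxt)
    tagged = TaggedReceiver(rcv_nxt, negotiate_tag(rng))
    n = 1_000_000  # plain accepts about window/2^32 of these; tagged about 2^-32 of those
    print("plain receiver accepted", blind_rst_trials(plain, n, 2), "of", n)
    print("tagged receiver accepted", blind_rst_trials(tagged, n, 2), "of", n)
```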
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Cisco, and software patents. Dave Aitel (May 12)
- Re: Cisco, and software patents. Halvar Flake (May 12)
- Re: Cisco, and software patents. Florian Weimer (May 12)
- Re: Cisco, and software patents. Matt Hargett (May 13)