Firewall Wizards mailing list archives

RE: Inappropriate TCP Resets Considered Harmful


From: Ben Nagy <ben.nagy () marconi com au>
Date: Mon, 14 May 2001 11:33:12 +1000

Well, DUH. ;)

But why is trying to connect twice instead of once inherently bad? It's not
like the Internet isn't chatty already. These double connects would occur in
the wild, sometimes, just because of transmission delay and aggressive
initial retry timeouts. It's hardly going to Break The Internet, and it
seems like a decent way for the ECNophiles to be able to gracefully phase
things in.

I thought you were going to go on about how you'd need extra state in the
TCP stack to work out whether it was in ECN or non-ECN SYN-SENT and how the
implementation could lead to nasty problems etc etc.

Cheers!

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304 

-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
[...]
Retrying in response to an RST is bad because an RST is not an indicator
of a communications problem.  It is saying that the service is not available.
[...]
Darren