nanog mailing list archives

Re: New Denial of Service Attack on Panix


From: Avi Freedman <freedman () netaxs com>
Date: Thu, 3 Oct 1996 15:37:40 -0400 (EDT)

But of course. The problem is that SYN_RCVD is a transient state in the
TCP automaton, and it requires some resource allocation. Life
might have been a little bit different if servers weren't forced
to track this state. Something like a signed ticket accompanying the
second SYN and the following ACK.

Dima

That's the idea of making the iss a ticket that includes mss info and
a hash of the other info plus a security ticket.

I had hoped to work on that but it looks like someone else local is almost
done and claims that ignoring window size and any data with the SYN(s)
is harmless...

Avi
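
The scheme discussed above, sketched as an added example that is not part of the original thread and not anyone's implementation from it: the server's ISS carries a time slot, an MSS table index and a keyed hash of the connection details, so nothing is stored for SYN_RCVD and the final ACK is checked by recomputation. The bit layout, the MSS table, the slot length and the use of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

MSS_TABLE = [536, 1024, 1220, 1360, 1440, 1452, 1460, 8960]  # assumed; 3-bit index
SECRET = b"constructed-demo-secret"  # constructed; a server would use a random key
SLOT_SECONDS = 64                    # assumed granularity of ticket lifetime

def _mac(conn, client_isn, slot, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time slot and MSS index."""
    src, sport, dst, dport = conn
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIBB", sport, dport, client_isn, slot, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_iss(conn, client_isn, client_mss, now):
    """Build the ISS for the SYN-ACK; no per-connection state is kept."""
    # Largest table entry not exceeding the client's MSS (index 0 as the floor).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    slot = (int(now) // SLOT_SECONDS) & 0x1F
    return (slot << 27) | (mss_idx << 24) | _mac(conn, client_isn, slot, mss_idx)

def check_ack(conn, seq, ack, now, max_age_slots=1):
    """Validate the handshake-completing ACK. Returns the MSS, or None to drop."""
    iss = (ack - 1) & 0xFFFFFFFF         # the client acknowledges ISS + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's seq is its ISN + 1
    slot, mss_idx = iss >> 27, (iss >> 24) & 0x7
    current = (int(now) // SLOT_SECONDS) & 0x1F
    if (current - slot) & 0x1F > max_age_slots:
        return None                      # ticket too old
    expected = _mac(conn, client_isn, slot, mss_idx)
    if not hmac.compare_digest(expected.to_bytes(3, "big"),
                               (iss & 0xFFFFFF).to_bytes(3, "big")):
        return None                      # forged, or issued for another connection
    return MSS_TABLE[mss_idx]            # only what was encoded can be recovered
```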
