[2028] in WWW Security List Archive
Re: Hacking a Personal Computer via E-mail
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu May 9 16:36:54 1996
To: Rolf Weber <weber@iez.com>
cc: cwg@DeepEddy.Com (Chris Garrigues),
www-security@ns2.rutgers.edu (www-security)
Date: Thu, 09 May 1996 14:08:15 -0400
From: Steven Bellovin <smb@research.att.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> Well...if it weren't for little details like timeout values, I suppo
se....
>
> You do realize that you can't even run TCP over two satelite hops be
cause the latency is greater than the timeouts, don't you?
>
as said, i nerver did it, but i was told by private mail it's
been done.
Whether or not it's feasible depends on the TCP implementation. While
I've certainly seen PC stacks that give up after a few seconds, modern
UNIX-based TCPs can last a fair number of minutes. RFC 1122 requires
a timeout of at least 100 seconds before giving up. According to
TCP/IP Illustrated Vol II, 4.4bsd's TCP waits at least 500 seconds
before declaring a connection dead.
Btw -- I know someone who's implemented it. ``Lousy latencies but
a big MTU....''
--Steve Bellovin
