[4974] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Avi Freedman)
Thu Oct 3 15:48:58 1996

From: Avi Freedman <freedman@netaxs.com>
To: dvv@sprint.net (Dima Volodin)
Date: Thu, 3 Oct 1996 15:37:40 -0400 (EDT)
Cc: pferguso@cisco.com, dvv@sprint.net, nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610031833.OAA25130@mercury.int.sprintlink.net> from "Dima Volodin" at Oct 3, 96 02:33:47 pm

> But of course. The problem is that SYN_RCVD is a transient state in the
> TCP automaton, and it requires some resource allocation. Life
> might have been a little bit different if servers weren't forced
> to track this state. Something like a signed ticket accompanying the
> second SYN and the following ACK.
> 
> Dima

That's the idea of making the iss a ticket that includes mss info and
a hash of the other info plus a security ticket.

I had hoped to work on that but it looks like someone else local is almost
done and claims that ignoring window size and any data with the SYN(s)
is harmless...

Avi
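
Added example, not part of the original message or of the implementation it mentions: a stateless ISS "ticket" that carries an MSS index and a keyed hash of the connection details, checked when the final ACK arrives. The bit layout, MSS table, 64-second slot, HMAC-SHA256 as the hash, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

# Assumed 32-bit layout (not from the thread): 5-bit time slot | 3-bit MSS index | 24-bit MAC
MSS_TABLE = [216, 536, 768, 996, 1220, 1340, 1440, 1460]  # constructed table
SLOT_SECONDS = 64  # assumed ticket granularity
MASK32 = 0xFFFFFFFF


def _mac24(secret, flow, client_isn, slot, mss_idx):
    """Truncated keyed hash over the 4-tuple, client ISN, time slot and MSS index."""
    saddr, sport, daddr, dport = flow
    msg = struct.pack("!4sH4sHIBB", socket.inet_aton(saddr), sport,
                      socket.inet_aton(daddr), dport, client_isn, slot, mss_idx)
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_iss(secret, flow, client_isn, client_mss, now):
    """Server ISS for the SYN-ACK; nothing is stored for the half-open connection."""
    slot = (int(now) // SLOT_SECONDS) & 0x1F
    # Largest table entry not exceeding the client's MSS; smallest entry as fallback.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return (slot << 27) | (mss_idx << 24) | _mac24(secret, flow, client_isn, slot, mss_idx)


def check_ack(secret, flow, seq, ack, now, max_age_slots=1):
    """Validate the ACK that completes the handshake; return the MSS or None."""
    iss = (ack - 1) & MASK32         # the client acknowledges ISS + 1
    client_isn = (seq - 1) & MASK32  # its own sequence number is ISN + 1
    slot, mss_idx, mac = iss >> 27, (iss >> 24) & 0x7, iss & 0xFFFFFF
    age = ((int(now) // SLOT_SECONDS) - slot) & 0x1F
    if age > max_age_slots:
        return None  # ticket expired
    expected = _mac24(secret, flow, client_isn, slot, mss_idx)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None  # forged or corrupted ticket
    # Only the MSS is recovered: window size and any data sent with the SYN are
    # not carried in the ticket.
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80)  # constructed sample flow
    iss = make_iss(secret, flow, 0x12345678, 1460, now=1000)
    print(hex(iss), check_ack(secret, flow, 0x12345679, (iss + 1) & MASK32, now=1010))
```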

