[3451] in bugtraq


Re: Excellent host SYN-attack fix for BSD hosts

daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Sun Oct 13 22:26:58 1996

Date: 	Sun, 13 Oct 1996 18:33:06 -0400
Reply-To: "Charles M. Hannum" <mycroft@MIT.EDU>
From: "Charles M. Hannum" <mycroft@MIT.EDU>
X-To:         Avi Freedman <freedman@netaxs.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  Avi Freedman's message of Fri, 11 Oct 1996 12:10:08 -0500

Avi Freedman <freedman@netaxs.com> writes:

>
> No state is kept locally; when a SYN is received, an ISS is generated that
> contains a few bits for reference into a table of MSS values; window size
> and any initial data is discarded; and the rest of the ISS is the MD5 output
> of a 32-byte secret and all of the interesting header info.

This doesn't seem to deal with window scaling, which is a big lose on
high-bandwidth networks.  It also breaks TCP's algorithm for
recognizing stale data.
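
The scheme quoted above, as an added example that is not part of either message or of any BSD code. The 3-bit table, its MSS values, the choice of header fields fed to MD5, and the function names are all assumptions made for illustration. It shows why an offered window scale cannot be recovered when the final ACK arrives.

```python
import hashlib
import socket
import struct

# Assumed 3-bit MSS table (constructed values; the post only says "a few bits").
MSS_TABLE = [216, 536, 966, 1024, 1220, 1440, 1460, 4312]
IDX_BITS = 3
HASH_BITS = 32 - IDX_BITS
HASH_MASK = (1 << HASH_BITS) - 1


def _hash(secret, src, sport, dst, dport, client_isn):
    """Low 29 bits of the first MD5 word over secret + header fields.

    Which fields count as "interesting header info" is an assumption here:
    both addresses, both ports and the client's initial sequence number.
    """
    hdr = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHI", sport, dport, client_isn))
    digest = hashlib.md5(secret + hdr).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_iss(secret, src, sport, dst, dport, client_isn, syn_opts):
    """Answer a SYN without storing state: everything lives in the ISS."""
    mss = syn_opts.get("mss", 536)
    # Largest table entry not exceeding the client's MSS (index 0 as floor).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    # syn_opts["wscale"], the window size and any SYN data get no bits in
    # the ISS, so they are dropped at this point.
    return (idx << HASH_BITS) | _hash(secret, src, sport, dst, dport, client_isn)


def check_ack(secret, src, sport, dst, dport, seq, ack):
    """Validate the handshake's final ACK; return recovered options or None."""
    iss = (ack - 1) & 0xFFFFFFFF         # client acknowledges ISS + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # client's seq is its ISN + 1
    if iss & HASH_MASK != _hash(secret, src, sport, dst, dport, client_isn):
        return None
    # Only the MSS index survived the round trip; window scaling did not.
    return {"mss": MSS_TABLE[iss >> HASH_BITS], "wscale": None}
```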
