[3491] in bugtraq
Re: Excellent host SYN-attack fix for BSD hosts
daemon@ATHENA.MIT.EDU (Vern Paxson)
Thu Oct 17 06:41:49 1996
Date: Wed, 16 Oct 1996 10:48:14 PDT
Reply-To: Vern Paxson <vern@ee.lbl.gov>
From: Vern Paxson <vern@ee.lbl.gov>
X-To: Casper Dik <casper@holland.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of Wed, 16 Oct 1996 09:11:51 PDT.
> It will not necessarily break T/TCP. T/TCP is supposed to be compatible w/
> TCP and I think you can pretend that you only ack'ed the SYN rather than the
> data + FIN that come with T/TCP in the same packet.
Right. Doing so loses the quick-start capability of T/TCP, but if you only
do it when the queue is near full, this isn't much of a loss.
> So T/TCP is only beneficial if reply & response fit in 500 or so bytes,
> such transactions are atypical, even for HTTP for which T/TCP was originally
> developed (most replies are much longer)
The main benefit comes with speeding up the *request*. These are quite
small. Looking at yesterday's logs in & out of LBL, out of 272,219 requests,
92% were <= 512 bytes. Furthermore, a T/TCP implementation can cache the
MSS previously used and if it's larger (not uncommon anymore) it can use that.
(The median HTTP reply, by the way, was 2.5 KB.)
Vern
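The policy discussed in this exchange, a listener that honours T/TCP's SYN+data+FIN in the normal case but acknowledges only the SYN once the listen queue is near full, as an added illustration that is not code from the thread or from any BSD implementation. The backlog model is deliberately simplified (no timers, no cookies, no retransmission), and the 80% "near full" threshold, the `Segment`/`Listener` names and the outcome labels are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class Segment:
    """A minimal view of an incoming TCP segment (constructed for this example)."""
    src: str                 # client address, used only as a backlog entry key
    flags: Set[str]          # e.g. {"SYN"} or {"SYN", "FIN"} for a T/TCP request
    payload_len: int = 0     # bytes of request data carried with the SYN


@dataclass
class Listener:
    """Simplified listen socket with a bounded half-open (SYN) backlog."""
    backlog_max: int
    fallback_ratio: float = 0.8          # assumption: "near full" means >= 80% occupied
    pending: List[str] = field(default_factory=list)

    def near_full(self) -> bool:
        return len(self.pending) >= self.fallback_ratio * self.backlog_max

    def handle(self, seg: Segment) -> str:
        """Return what the listener acknowledges for this segment."""
        if "SYN" not in seg.flags:
            return "ignored"                 # not a connection request
        if len(self.pending) >= self.backlog_max:
            return "dropped"                 # queue exhausted: classic SYN-flood symptom
        is_ttcp = "FIN" in seg.flags and seg.payload_len > 0
        # Decide before enqueueing, so occupancy reflects already-pending entries.
        fallback = self.near_full()
        self.pending.append(seg.src)
        if is_ttcp and not fallback:
            return "ack-syn-data-fin"        # quick-start preserved: data accepted on the SYN
        # Under pressure, behave like plain TCP: acknowledge only the SYN.
        # A T/TCP client retransmits its data after the ordinary handshake completes,
        # so correctness is kept and only the round-trip saving is given up.
        return "ack-syn-only"


def simulate(segments: List[Segment], backlog_max: int) -> List[str]:
    """Feed a burst of segments through one listener and collect the outcomes."""
    listener = Listener(backlog_max=backlog_max)
    return [listener.handle(s) for s in segments]


def ttcp_burst(n: int, payload_len: int = 300) -> List[Segment]:
    """Construct n T/TCP-style requests (SYN + data + FIN) from distinct sources."""
    return [Segment(src=f"10.0.0.{i}", flags={"SYN", "FIN"}, payload_len=payload_len)
            for i in range(1, n + 1)]


if __name__ == "__main__":
    for src, outcome in zip(ttcp_burst(11), simulate(ttcp_burst(11), backlog_max=10)):
        print(f"{src.src:10s} -> {outcome}")
```

With a backlog of 10 and the assumed 80% threshold, the first eight T/TCP requests get their data accepted on the SYN, the next two are downgraded to an ordinary three-way handshake, and the eleventh is dropped because the queue is full. Counting how often the listener reports `ack-syn-only` versus `dropped` is the metric a defender would watch: the former is graceful degradation, the latter is the flood actually denying service.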