North American Network Operators Group


Re: New Denial of Service Attack on Panix

  • From: Avi Freedman
  • Date: Thu Oct 03 15:52:19 1996

> But of course. The problem is that SYN_RCVD is a transient state in the
> TCP automaton, and it requires some resource allocation. Life
> might have been a little bit different if servers weren't forced
> to track this state. Something like a signed ticket accompanying the
> second SYN and the following ACK.
> 
> Dima

That's the idea of making the iss a ticket that includes mss info and
a hash of the other info plus a security ticket.

I had hoped to work on that but it looks like someone else local is almost
done and claims that ignoring window size and any data with the SYN(s)
is harmless...

Avi
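
The scheme discussed above, sketched as an added example; it is not code from this thread or from the implementation mentioned in it. The bit layout, the function names, the MSS table and the secret are assumptions made for illustration. The server derives its ISS from the connection details and keeps no SYN_RCVD state; only the MSS index survives, so window size and any data carried on the SYN are not recoverable from the ticket.

```python
import hashlib
import hmac
import socket
import struct

# Assumed layout (not from the thread): 5-bit time counter | 3-bit MSS index | 24-bit MAC
SECRET = b"constructed-demo-key"   # constructed; a server would use a random secret
TICK = 64                          # seconds per counter step (assumption)
MSS_TABLE = (216, 536, 768, 996, 1024, 1220, 1440, 1460)  # constructed values

def _mac(conn, client_isn, counter, mss_idx):
    """24-bit keyed hash over the 'other info': 4-tuple, client ISN, counter, MSS index."""
    saddr, sport, daddr, dport = conn
    msg = socket.inet_aton(saddr) + socket.inet_aton(daddr) + struct.pack(
        "!HHIBB", sport, dport, client_isn, counter, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_iss(conn, client_isn, client_mss, now):
    """Build the ISS for the SYN-ACK; nothing is stored for the half-open connection."""
    counter = (int(now) // TICK) & 0x1F
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac(conn, client_isn, counter, mss_idx), "big")
    return (counter << 27) | (mss_idx << 24) | mac

def check_ack(conn, ack_seq, ack_num, now, max_age=2):
    """Validate the handshake-completing ACK; return the recovered MSS or None."""
    iss = (ack_num - 1) & 0xFFFFFFFF         # the ACK acknowledges our ISS + 1
    client_isn = (ack_seq - 1) & 0xFFFFFFFF  # its sequence number is client ISN + 1
    counter, mss_idx = iss >> 27, (iss >> 24) & 0x7
    if ((int(now) // TICK) - counter) & 0x1F > max_age:
        return None                          # ticket too old
    expected = _mac(conn, client_isn, counter, mss_idx)
    if not hmac.compare_digest((iss & 0xFFFFFF).to_bytes(3, "big"), expected):
        return None                          # not a ticket issued for this connection
    return MSS_TABLE[mss_idx]
```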
