Date: Wed, 18 Jul 2001 16:03:45 -0500
From: Jonathan Lemon <jlemon@flugsvamp.com>
To: Chris Peterson <chris@potamus.org>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
Message-ID: <20010718160345.J74461@prism.flugsvamp.com>
In-Reply-To: <001101c10fcc$7a7927f0$a586fa18@chris>
References: <001101c10fcc$7a7927f0$a586fa18@chris>

On Wed, Jul 18, 2001 at 01:59:04PM -0700, Chris Peterson wrote:
> to defend against SYN floods. I don't know if he has implemented it or if
> his idea is even feasible. His algorithm is so simple, I suspect he must be
> overlooking something.

It's not feasible; he's overlooking several things. Among them are:

  1. it is susceptible to replay attacks,
  2. the secret is per IP, and
  3. "having the response go nowhere" is not a valid defense, if the
     attacker can guess it.

--
Jonathan