Date:      Fri, 04 Sep 1998 13:23:03 +0200
From:      sthaug@nethelp.no
To:        freebsd-current@FreeBSD.ORG
Subject:   Should FreeBSD-3.0 ship with RFC 1644 (T/TCP) turned off by default?
Message-ID:  <22672.904908183@verdi.nethelp.no>

It might be a good idea if FreeBSD-3.0 shipped with RFC 1644 extensions
(T/TCP) turned *off* by default. It still defaults to on in tcp_subr.c
version 1.46.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
----------------------------------------------------------------------
Date: Fri, 4 Sep 1998 07:04:33 -0400 (EDT)
Message-Id: <199809041104.HAA10917@lunacity.ne.mediaone.net>
From: "Charles M. Hannum" <mycroft@mit.edu>
To: "W. Richard Stevens" <rstevens@kohala.com>
Cc: perry@piermont.com, Mohit Aron <aron@cs.rice.edu>,
        tcp-impl@cthulhu.engr.sgi.com (TCP Implementor's List)
Subject: Re: status of T/TCP


>> Charles Hannum really should submit his "T/TCP Considered Harmful" as
>> an informational RFC at some point.
>
> It's only a few pages, and was in the end2end archives (13 Sep 1996),
> so here it is.

I actually submitted it to rfc-editor around the same time.  I never
received a response, and I'm not sure it was ever published as a draft.

It's interesting (amusing?) to note that, on 19980407 (19 months after
my draft was originally sent out), an exploit for the `Host-Based
Authorization' hole against FreeBSD was published on bugtraq.  A patch
was issued ~1 month later, which was intended to disable the accepting
of a connection count for services which did not explicitly request
T/TCP on the listening socket (a workaround which I had forgotten to
mention in the draft), but the patch was broken and went through
several revisions.  I don't know what the current status of this is.

The problems related to SYN flooding and sequence number attacks have
never been addressed -- nor has the compatibility issue with old TCP
implementations mentioned in passing in the conclusions section (which
I can explain better if anyone is interested), which I believe has
been shown to affect communication with some embedded TCP
implementations.

Furthermore, the case that T/TCP was originally designed for (HTTP)
has been more or less resolved by changing the application layer
anyway.  So I wonder if there is even a point in discussing T/TCP any
more.


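Added example (not part of either message above, and not FreeBSD's tcp_subr.c): a small Python model of the acceptance decision Hannum describes. The RFC 1644 TAO test decides purely from fields carried in the incoming segment (claimed source address and CC option), so a listener that honours it hands data to the application before the three-way handshake has confirmed the peer; the patch's behaviour of ignoring the CC option on sockets that never asked for T/TCP keeps legacy address-authorized services on the full handshake. Class and function names, and the 10.0.0.5 / CC=100 scenario, are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Segment:
    src: str                    # source address as claimed in the IP header (unverified)
    cc: Optional[int] = None    # RFC 1644 Connection Count option, None if absent
    data: bytes = b""           # payload carried on the SYN

@dataclass
class Listener:
    ttcp_requested: bool        # did the service opt into T/TCP on its listening socket?
    patched: bool               # is the per-socket opt-in fix from the thread applied?
    tao_cache: dict = field(default_factory=dict)  # peer address -> highest CC seen

    def tao_test(self, seg: Segment) -> bool:
        """TAO test: passes when the segment's CC exceeds the cached CC for the
        claimed peer.  Both inputs come from the segment; neither is authenticated."""
        cached = self.tao_cache.get(seg.src)
        return seg.cc is not None and cached is not None and seg.cc > cached

    def on_syn(self, seg: Segment) -> str:
        """'deliver' = data passed to the application before the handshake completes;
        'hold'    = data queued until the three-way handshake completes."""
        if self.patched and not self.ttcp_requested:
            # Patched kernel: CC option is not accepted for sockets that never
            # requested T/TCP, so legacy address-authorized services wait for the ACK.
            return "hold"
        if self.tao_test(seg):
            self.tao_cache[seg.src] = seg.cc
            return "deliver"
        return "hold"

def decision(patched: bool, ttcp_requested: bool) -> str:
    """Constructed scenario: a legitimate peer 10.0.0.5 connected earlier with CC=100,
    so the TAO cache remembers it.  A later SYN merely *claims* that source address
    and carries CC=101 plus data; only the kernel's policy decides what happens."""
    lst = Listener(ttcp_requested=ttcp_requested, patched=patched)
    lst.tao_cache["10.0.0.5"] = 100
    return lst.on_syn(Segment(src="10.0.0.5", cc=101, data=b"request"))

if __name__ == "__main__":
    print("unpatched, legacy service:", decision(False, False))  # deliver
    print("patched,   legacy service:", decision(True, False))   # hold
    print("patched,   T/TCP service: ", decision(True, True))    # deliver
```

The third case is the documented residual: a service that explicitly asks for T/TCP still accepts data on the TAO test, which is why the thread treats the SYN-flooding and sequence-number concerns as unresolved.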
