From: Matthias Apitz <guru@unixarea.de>
To: freebsd-current@freebsd.org
Subject: FreeBSD && TCP stealth
Date: Mon, 20 Oct 2014 09:25:28 +0200
Message-ID: <20141020072528.GA1748@unixarea.DDR.dd>
X-Operating-System: FreeBSD 11.0-CURRENT r269739 (i386)

Hello,

Is there any work started or in progress to implement TCP stealth in our kernel, as proposed to the IETF in

https://datatracker.ietf.org/doc/draft-kirsch-ietf-tcp-stealth/

The idea is that the client puts some magic value in the ISN of the first SYN packet, which is derived from a secret the client and the server share. The server can check the ISN and decide if it will answer the SYN packet or do a RST, for example.

Vy 73

matthias

-- 
Matthias Apitz               |  /"\ ASCII Ribbon Campaign:
E-mail: guru@unixarea.de     |  \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
phone: +49-170-4527211       |  / \ - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
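The mechanism the mail describes (client derives the ISN of its first SYN from a shared secret; the server verifies it and otherwise answers with RST), as an added illustrative example that is not part of the original mail, of FreeBSD, or of the IETF draft. The HMAC-SHA256 derivation over destination address, destination port and a 60-second time slot is an assumption of this example, not the draft's exact construction.

```python
import hashlib
import hmac
import socket
import struct

WINDOW = 60  # seconds per time slot; bounds how long a captured SYN stays valid


def stealth_isn(secret: bytes, dst_ip: str, dst_port: int, now: int) -> int:
    """Client side: derive the 32-bit ISN for the first SYN from the shared secret.
    The MAC covers destination address, port and the current time slot, so an ISN
    observed for one service or slot does not verify for another."""
    slot = now // WINDOW
    msg = socket.inet_aton(dst_ip) + struct.pack("!HQ", dst_port, slot)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]  # truncate the MAC to the ISN width


def syn_accepted(secret: bytes, dst_ip: str, dst_port: int, now: int, isn: int) -> bool:
    """Server side: recompute the expected ISN for the current and the previous
    slot (tolerating clock skew at a slot boundary) and compare in constant time.
    Note the check is only 32 bits wide: a random ISN still matches with
    probability about 2 in 2**32, so this hides a service, it does not authenticate."""
    for offset in (0, WINDOW):
        expected = stealth_isn(secret, dst_ip, dst_port, now - offset)
        if hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", isn)):
            return True
    return False


def handle_syn(secret: bytes, dst_ip: str, dst_port: int, now: int, isn: int) -> str:
    """Server decision for one incoming SYN: answer it, or reset the connection."""
    return "SYN-ACK" if syn_accepted(secret, dst_ip, dst_port, now, isn) else "RST"


if __name__ == "__main__":
    # Constructed values: a shared secret, a listening service and a fixed clock.
    secret = b"constructed-shared-secret"
    isn = stealth_isn(secret, "192.0.2.10", 22, now=1000)
    print("knock in same slot  :", handle_syn(secret, "192.0.2.10", 22, 1000, isn))
    print("knock two slots late:", handle_syn(secret, "192.0.2.10", 22, 1120, isn))
    print("plain SYN, ISN 0    :", handle_syn(secret, "192.0.2.10", 22, 1000, 0))
```

A kernel implementation would perform the same comparison in the SYN receive path before allocating any connection state, so an unverified SYN costs no more than a dropped packet.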