In article <[EMAIL PROTECTED]>,
Julian Elischer  <[EMAIL PROTECTED]> wrote:
> Richard Stevens was the great T/TCP proponent. Since his untimely
> demise, it has been languishing.. I think many firewalls now routinely
> block packets with both SYN and FIN which is what T/TCP does.

Accepting incoming T/TCP creates a pretty serious DoS vulnerability,
doesn't it?  The very first packet contains the request, which the
server must act upon and reply to without further delay.  There is no
3-way handshake, so a simple attack using spoofed source addresses can
impose a huge load on the victim.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa
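
The following is an added example, not part of the original message: a Python check, as a packet filter might apply it, that flags the segment features discussed in this thread (SYN and FIN together, data on the initial SYN, and the T/TCP connection-count options). It assumes the option kinds 11, 12 and 13 from RFC 1644; the function names are hypothetical and the sample segment is built by the `build` helper as constructed input.

```python
import struct

# TCP flag bits (RFC 793) and T/TCP option kinds (RFC 1644).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TTCP_OPTIONS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}

def parse_options(opts):
    """Return the list of option kinds in a TCP options byte string."""
    kinds, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of option list
            break
        if kind == 1:          # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        kinds.append(kind)
        i += opts[i + 1]
    return kinds

def classify(segment):
    """Return the reasons a raw TCP segment looks like a T/TCP open."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    off_flags = struct.unpack("!H", segment[12:14])[0]
    hdr_len = (off_flags >> 12) * 4
    flags = off_flags & 0x3F
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    kinds = parse_options(segment[20:hdr_len])
    reasons = []
    if flags & SYN and flags & FIN:
        reasons.append("SYN+FIN")
    if flags & SYN and not flags & ACK and len(segment) > hdr_len:
        reasons.append("data on initial SYN")
    reasons += [TTCP_OPTIONS[k] for k in kinds if k in TTCP_OPTIONS]
    return reasons

def build(flags, options=b"", payload=b""):
    """Construct a sample TCP segment (constructed input, checksum left zero)."""
    options += b"\x01" * (-len(options) % 4)   # pad options with NOPs
    off = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (off << 12) | flags, 65535, 0, 0)
    return hdr + options + payload
```

An empty result means the segment is an ordinary one; a filter that drops anything with a non-empty result forces clients back to the normal 3-way handshake before the server does any request work.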

