John Polstra wrote:
> Accepting incoming T/TCP creates a pretty serious DoS vulnerability,
> doesn't it? The very first packet contains the request, which the
> server must act upon and reply to without further delay. There is no
> 3-way handshake, so a simple attack using spoofed source addresses can
> impose a huge load on the victim.

Right. It's reasonable to use T/TCP when the transactions contain an authenticator, and in a VPN. For public access, it's subject to attacks for which there are no adequate countermeasures.