[e2e] ISN regeneration when Stateless SYN cookies are used

Vernon Schryver vjs at calcite.rhyolite.com
Thu Oct 18 17:25:11 PDT 2001

> From: Michael B Greenwald <mbgreen at dsl.cis.upenn.edu>

> Well, we've gone from a correctness problem to a performance problem.

If you check various archives for discussions about how to deal with
SYN attacks, you'll find other solutions to the SYN attack problem
and reasons why some of us think the "magic cookie" solution suffers
insurmountable correctness problems.  I think that if there were not
good and sufficient alternatives to the magic cookie solution, it
would be tolerable, but there are and so it isn't.

That the magic cookie solution was entangled with a well-known personality
problem might be one reason why this current thread has been so thin.
No one who has reviewed and understood those archives and is not a member
of that cult of personality has any appetite for the flame fest that
any comments about the common and widely implemented alternatives would
invoke.  (I've probably triggered the flame fest.  Oh well.)

Note also that this is probably not a researchy end-to-end issue
but a TCP implementation question.

Vernon Schryver    vjs at rhyolite.com

