[e2e] Can we revive T/TCP ?

Charles M. Hannum mycroft at netbsd.org
Mon Dec 26 11:05:29 PST 2005


On Monday 26 December 2005 18:31, Michael Welzl wrote:
> Here's something that I've had on my mind for quite a while now:
> I'm wondering why T/TCP ( RFC 1644 ) failed. I mean, nobody seems
> to use it. I believe someone explained this to me once (perhaps even
> on this list? but I couldn't find this in the archives...), saying that
> there were security concerns with it, but I don't remember any other details.

Here's what I wrote last time this came up:

From: "Charles M. Hannum" <mycroft at netbsd.org>
Organization: The NetBSD Project
To: end2end-interest at postel.org
Subject: Re: [e2e] T/TCP usage
Date: Fri, 1 Oct 2004 22:46:47 +0000
Message-Id: <200410012246.47945.mycroft at netbsd.org>

On Friday 01 October 2004 20:30, John Kristoff wrote:
> After reviewing some of the Internet's protocol designs this afternoon,
> I was making my way through T/TCP and I began to think about some of the
> potential DoS vectors it could introduce.  Apparently the potential for
> problems is well known.  For example:
>
>   <http://www.cl.cam.ac.uk/users/br260/doc/ettcp.pdf>

Also see:

http://midway.sourceforge.net/doc/ttcp-sec.txt

That's a bit old, and I probably wouldn't write it quite the same today, but
there it is.  See sections 3 and 4, in particular, for comments about DoS
attacks.

Note that at least two implementations of T/TCP that got some use did not have
a way for servers to selectively enable the use of TAO (or it had the wrong
default; I forget), and that the hole mentioned in section 2 was in fact used
to break into real servers, including at least one case where it was actually
done through the rlogin service, as I specifically mentioned.

In retrospect, I should have expanded more on my comment about it violating
existing RFCs.  In fact, we had to change the TCP processing in NetBSD to be
compatible with T/TCP -- previously it would drop a SYN-data-ACK packet, as
prescribed in RFC 793.  I believe the same change had to be made in ka9q at
the time.

