[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SYN cookies

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: SYN cookies
From: "D. J. Bernstein" <djb_(_at_)_cr_(_dot_)_yp_(_dot_)_to>
Date: 30 Nov 1998 21:45:38 -0000

Angelos D. Keromytis writes:
> The reason TCPCOOKIE is not in options(4) and is not turned on by
> default is because it doesn't work in the presence of "smart" stateful
> packet filtering firewalls.

I haven't looked at the TCPCOOKIE code, but if it causes compatibility
problems then it ain't SYN cookies.

SYN cookies are inherently indistinguishable from any other good method
of choosing TCP sequence numbers---except that they continue to work
when the server runs out of memory for PCBs.

---Dan

Prev by Date: Re: floppy24.fs from -current dumping
Next by Date: JOBOP Systems Engineer
Previous by thread: SYN cookies
Next by thread: "_" in hostnames
Index(es):
- Date
- Thread

Visit your host, monkey.org