[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SYN cookies
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: SYN cookies
- From: "D. J. Bernstein" <djb_(_at_)_cr_(_dot_)_yp_(_dot_)_to>
- Date: 30 Nov 1998 21:45:38 -0000
Angelos D. Keromytis writes:
> The reason TCPCOOKIE is not in options(4) and is not turned on by
> default is because it doesn't work in the presence of "smart" stateful
> packet filtering firewalls.
I haven't looked at the TCPCOOKIE code, but if it causes compatibility
problems then it ain't SYN cookies.
SYN cookies are inherently indistinguishable from any other good method
of choosing TCP sequence numbers---except that they continue to work
when the server runs out of memory for PCBs.
Visit your host, monkey.org