From: Gregory Maxwell <greg@linuxpower.cx>
To: Frank v Waveren <fvw@var.cx>
Cc: David Wagner <daw@cs.berkeley.edu>, linux-kernel@vger.kernel.org
Subject: Re: hotmail not dealing with ECN
Date: Sat, 27 Jan 2001 14:20:32 -0500 [thread overview]
Message-ID: <20010127142032.E6821@xi.linuxpower.cx> (raw)
In-Reply-To: <Pine.LNX.4.21.0101250041440.1498-100000@srv2.ecropolis.com> <14960.56461.296642.488513@pizda.ninka.net> <3A70DDC4.6D1DB1EC@transmeta.com> <3A713B3F.24AC9C35@idb.hist.no> <94tho8$627$1@abraham.cs.berkeley.edu> <20010127191809.A3727@var.cx>
In-Reply-To: <20010127191809.A3727@var.cx>; from fvw@var.cx on Sat, Jan 27, 2001 at 07:18:09PM +0100
On Sat, Jan 27, 2001 at 07:18:09PM +0100, Frank v Waveren wrote:
> On Sat, Jan 27, 2001 at 04:10:48AM +0000, David Wagner wrote:
> > Practice being really, really paranoid. Think: You're designing a
> > firewall; you've got some reserved bits, currently unused; any future code
> > that uses them could behave in completely arbitrary and insecure ways,
> > for all you know. Now recall that anything not known to be safe should
> > be denied (in a good firewall) -- see Cheswick and Bellovin for why.
> > When you take this point of view, it is completely understandable why
> > firewalls designed before ECN was introduced might block it.
>
> Why? Why not just zero them, and get both security and compatibility...
Eeek! NO!!!! NO NO NO NO NO NO NO!
For ECN that would have worked, but that doesn't mean that something
couldn't have been implimented there that wouldn't have worked that way..
I think that older Checkpoint firewalls (perhaps current?) zeroed out SACK
on 'hide nat'ed connections. This causes unreasonable stalls for users on
SACK enabled clients. Not cool.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-27 19:20 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-25 5:43 hotmail not dealing with ECN Jeremy Hansen
2001-01-25 7:37 ` Juri Haberland
2001-01-25 9:06 ` David S. Miller
2001-01-26 1:12 ` Lincoln Dale
2001-01-25 23:31 ` H. Peter Anvin
2001-01-26 1:30 ` David S. Miller
2001-01-26 1:38 ` H. Peter Anvin
2001-01-26 1:43 ` David S. Miller
2001-01-26 1:49 ` H. Peter Anvin
2001-01-26 2:10 ` David S. Miller
2001-01-26 2:15 ` H. Peter Anvin
2001-01-26 8:54 ` Helge Hafting
2001-01-26 18:04 ` Rick Jones
2001-01-27 7:11 ` Rusty Russell
2001-01-31 10:56 ` Alan Cox
2001-01-27 4:10 ` David Wagner
2001-01-27 4:59 ` Brian May
2001-01-27 18:18 ` Frank v Waveren
2001-01-27 19:20 ` Gregory Maxwell [this message]
2001-01-27 19:22 ` Frank v Waveren
2001-01-27 19:58 ` Jamie Lokier
2001-01-27 20:14 ` Gregory Maxwell
2001-01-27 22:18 ` David Schwartz
2001-01-27 23:09 ` James Sutherland
2001-01-28 0:11 ` Gregory Maxwell
2001-01-28 1:10 ` Dominik Kubla
2001-01-28 4:35 ` [OT] " Gregory Maxwell
2001-01-28 12:57 ` Dominik Kubla
2001-01-28 15:45 ` Michael H. Warfield
2001-01-28 19:30 ` Gregory Maxwell
2001-01-28 22:16 ` Dominik Kubla
2001-01-28 8:48 ` James Sutherland
2001-01-28 0:06 ` Gregory Maxwell
2001-01-28 3:27 ` David Schwartz
2001-01-28 0:58 ` David Lang
2001-01-26 2:24 ` Johannes Erdfelt
2001-01-26 3:03 ` Brian May
2001-01-26 5:06 ` Jeremy M. Dolan
2001-01-26 14:04 ` Florian Weimer
2001-01-27 10:00 ` Rogier Wolff
2001-01-31 10:46 ` Alan Cox
2001-01-26 10:37 ` Matti Aarnio
2001-01-26 11:32 ` David S. Miller
2001-01-26 11:40 ` James Sutherland
2001-01-26 11:44 ` Lars Marowsky-Bree
2001-01-26 13:44 ` James Sutherland
2001-01-26 14:44 ` Lars Marowsky-Bree
2001-01-26 15:03 ` Jamie Lokier
2001-01-26 15:14 ` David S. Miller
2001-01-26 15:24 ` Jamie Lokier
2001-01-26 17:05 ` ECN Simon Kirby
2001-01-26 18:12 ` ECN Andrea Arcangeli
2001-01-26 15:16 ` hotmail not dealing with ECN Dominik Kubla
2001-01-26 15:27 ` Jamie Lokier
2001-01-26 22:26 ` Dominik Kubla
2001-01-26 22:30 ` H. Peter Anvin
2001-01-26 15:35 ` Marian Jancar
2001-01-26 16:28 ` H. Peter Anvin
2001-01-28 1:59 ` Dax Kelson
2001-01-28 16:51 ` Jamie Lokier
2001-01-26 23:47 ` ECN -? Anything _I_ need to do to allow it? List User
2001-01-27 9:58 ` Matti Aarnio
2001-01-26 11:50 ` hotmail not dealing with ECN David S. Miller
2001-01-26 13:52 ` James Sutherland
2001-01-26 13:54 ` David S. Miller
2001-01-26 14:12 ` Jamie Lokier
2001-01-26 15:08 ` James Sutherland
2001-01-26 15:13 ` Lars Marowsky-Bree
2001-01-26 15:29 ` James Sutherland
2001-01-26 15:55 ` Chris Ricker
2001-01-26 18:37 ` Henning P. Schmiedehausen
2001-01-26 19:17 ` Matti Aarnio
2001-01-26 19:55 ` Jeremy M. Dolan
2001-01-26 15:34 ` Jamie Lokier
2001-01-26 17:37 ` Drago Goricanec
2001-01-26 14:11 ` Jamie Lokier
2001-01-26 18:19 ` Olaf Titz
2001-01-26 14:10 ` Jamie Lokier
2001-01-26 14:39 ` David S. Miller
2001-01-26 14:46 ` Lars Marowsky-Bree
2001-01-26 14:50 ` David S. Miller
2001-01-26 14:57 ` Jamie Lokier
2001-01-27 0:18 ` Thunder from the hill
2001-01-27 0:15 ` Thunder from the hill
-- strict thread matches above, loose matches on Subject: below --
2001-01-25 17:26 Bernd Eckenfels
2001-01-26 7:53 Bernd Eckenfels
2001-01-26 16:04 Randal, Phil
2001-01-26 16:37 ` Lars Marowsky-Bree
2001-01-26 17:18 ` Tony Hoyle
2001-01-26 18:42 ` Henning P. Schmiedehausen
2001-01-31 16:45 ` Alan Cox
2001-01-26 17:28 ` Miquel van Smoorenburg
2001-01-26 21:21 ` David Ford
2001-01-29 9:42 ` Helge Hafting
2001-01-26 17:14 James Sutherland
2001-01-26 23:25 ` Daniel Chemko
2001-01-26 19:43 ` Chris Meadors
2001-01-29 14:57 ` Thunder from the hill
2001-01-26 17:53 Adam J. Richter
2001-01-26 17:57 ` H. Peter Anvin
2001-01-26 18:15 ` Alan Shutko
2001-01-26 18:32 ` Graham Murray
[not found] <980523239.30846@whiskey.enposte.net>
2001-01-26 21:52 ` Stuart Lynne
2001-01-26 21:59 ` Michael H. Warfield
2001-01-27 9:48 ` Matti Aarnio
2001-01-27 18:55 Bernd Eckenfels
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010127142032.E6821@xi.linuxpower.cx \
--to=greg@linuxpower.cx \
--cc=daw@cs.berkeley.edu \
--cc=fvw@var.cx \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox