* Re: [PATCH][RESEND] Update of tcp_syncookies explanation
@ 2003-04-01 19:59 Oskar Andreasson
From: Oskar Andreasson @ 2003-04-01 19:59 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
Hi David,
Thanks for the reply! It was much appreciated, and I will do what I can to
iron any problems out. (Also, I am very sorry for putting you or anyone
else out there)
My final question is this... could you give any tip on what specifics to
look/search for? I've been searching through the archives available at
http://oss.sgi.com/projects/netdev/archive/ for every single inclusion of
SYN in any of the archives by now, but could not find any specifics on
_what_ the syn cookies breaks, or why, except for ECN, SACK and
timestamps:/.
I have also checked through the source code as well as I could, as well as
Mr. Bernstein's algorithms, searched the net at large with 3 search
engines... and I am still not clever enough to figure it out.
In short, what I am trying to ask for is simply some kind of hints on
where to look... I hope you don't mind.
Thanks!
PS. David, sorry for sending this in private before, no bad intentions
meant. DS.
On Tue, 1 Apr 2003, David S. Miller wrote:
> From: Oskar Andreasson <blueflux@koffein.net>
> Date: Tue, 1 Apr 2003 19:33:13 +0200 (CEST)
>
> If anyone has any objections against this patch, please tell me so, with
> an explanation of why!
>
> You didn't explain how TCP syncookies "seriously violates the TCP
> protocol" yet you choose to remove that statement written by Alexey.
>
> Either retain Alexey's statement (because it's true) or replace it
> with proper text.
>
> I'm not going into the details of how syncookies violates the TCP
> protocol here, that has been hashed out many times on netdev and
> linux-net years in the past, so I direct people to search up such
> discussions instead of starting up yet another flame war here about
> the topic. Thanks.
>
>
>
--
----
Oskar Andreasson
http://www.frozentux.net
http://iptables-tutorial.frozentux.net
http://ipsysctl-tutorial.frozentux.net
mailto:blueflux@koffein.net
* Re: defending against syn flood attacks
From: John S. Denker @ 2003-04-01 20:58 UTC (permalink / raw)
To: Oskar Andreasson; +Cc: David S. Miller, netdev
On 04/01/2003 02:59 PM, Oskar Andreasson wrote:
>>
>> TCP syncookies "seriously violates the TCP protocol"
>> ... statement written by Alexey.
Those who are interested in defending against
syn flood attacks without seriously violating the
TCP protocol may be interested in the following:
Abstract
The protocol of the present invention includes two new
first level protocols and several embodiments of a
second level protocol. The two new first level protocols
of the present invention include the TCP2B protocol and
the TCP2E protocol. In the TCP2B protocol, both client
and server indicate their support for this protocol using
one or more bits in TCP header. According to the
TCP2B protocol, the client retransmits its requested
options in the ACK message so the server need not
store the options after the connection request. In the
TCP2E protocol, the server maintains a Friends Table
listing addresses of device recently observed to be
complying with TCP. If a client's address is on the
Friends Table, the connection request is processed
according to TCP. Otherwise, the server sends an ACK
message to the client to prompt the client to send a
reset message. The client's address can then be added
to the Friends Table.
The patent is held by AT&T. I have no idea how hard it
would be to get a license.
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=5,958,053.WKU.+5,958,053.WKU.&OS=PN/5,958,053+OR+PN/5,958,053&RS=PN/5,958,053+OR+PN/5,958,053
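The TCP2E "Friends Table" handling from the quoted abstract, as an added example in Python (not code from the patent, the kernel, or either poster): a SYN from an unknown address gets only a bare ACK and no embryonic state; the RST it provokes adds the address to the table, after which its SYN is handled as ordinary TCP. The event names, the LRU eviction, and the bounded probe table are assumptions.

```python
from collections import OrderedDict


class Tcp2eServer:
    """Server-side connection-request handling in the TCP2E style:
    half-open (embryonic) state is allocated only for Friends Table addresses."""

    def __init__(self, max_friends=4, max_probes=4):
        self.friends = OrderedDict()   # addr -> None, least recently used first
        self.probes = OrderedDict()    # addrs sent a bare ACK, awaiting their RST (assumption)
        self.half_open = set()         # addrs holding real embryonic state
        self.established = set()
        self.max_friends = max_friends
        self.max_probes = max_probes

    def _remember(self, table, addr, cap):
        table.pop(addr, None)
        table[addr] = None
        while len(table) > cap:
            table.popitem(last=False)  # evict least recently used (assumption)

    def on_syn(self, addr):
        if addr in self.friends:
            self._remember(self.friends, addr, self.max_friends)
            self.half_open.add(addr)   # normal TCP: allocate embryonic state
            return "SYN-ACK"
        # Unknown address: no costly state, just a bare ACK to prompt a RST.
        self._remember(self.probes, addr, self.max_probes)
        return "PROBE-ACK"

    def on_rst(self, addr):
        if addr in self.probes:        # a spoofed source never sees the ACK
            del self.probes[addr]
            self._remember(self.friends, addr, self.max_friends)
            return "FRIEND-ADDED"
        return "DROP"

    def on_ack(self, addr):
        if addr in self.half_open:
            self.half_open.remove(addr)
            self.established.add(addr)
            return "ESTABLISHED"
        return "DROP"


def flood_then_legit(flood_addrs, client):
    """Constructed scenario: spoofed SYNs leave no half-open state; a real
    client needs one extra round trip the first time, then connects normally."""
    s = Tcp2eServer()
    for a in flood_addrs:
        s.on_syn(a)
    first = s.on_syn(client)
    reset = s.on_rst(client)
    second = s.on_syn(client)
    done = s.on_ack(client)
    return first, reset, second, done, len(s.half_open), len(s.friends)
```

The bounded probe table is the trade-off: if the flood continues between a real client's SYN and its RST, its probe entry can be evicted and the client must retry.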