[e2e] ISN regeneration when Stateless SYN cookies are used
Michael B Greenwald
mbgreen at dsl.cis.upenn.edu
Thu Oct 18 06:13:58 PDT 2001
Thu, 18 Oct 2001 12:34:10 +0530
"gangadharan annapurna" <nallu17 at hotmail.com>
> I had a question about the Stateless SYN
> cookie approach to solve the Denial of Service attack.
> The Linux kernel has implemented this for quite some
> time now. ...
> In the meantime the client gets the OLD SYN and it accepts
> it and the connection goes to established state. A TCB is
> created.
> Now when the new SYN+ACK arrives and if the new ISN falls
> within the Receive window of the client, then the packet
> is wrongly accepted. How do we handle this issue?
The packet is not accepted. If you get a SYN while in established state
then you are supposed to send a reset. At least, that's how TCP used to
work.
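
The case discussed in this thread, as an added example that is not part of the original messages: a Python model of the RFC 793 "segment arrives" checks for an endpoint in ESTABLISHED state, showing what happens to a second SYN+ACK that carries a different ISN. The function names and the sample sequence numbers are constructed for illustration.

```python
# Added illustration: RFC 793 segment checks for ESTABLISHED state, reduced
# to the sequence test, the RST test and the SYN test (in that order).
MOD = 2 ** 32  # TCP sequence numbers wrap at 2^32

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if RCV.NXT <= seq < RCV.NXT + RCV.WND, modulo 2^32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test; SEG.LEN counts a SYN as one octet."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seg_seq + seg_len - 1) % MOD
    return (in_window(seg_seq, rcv_nxt, rcv_wnd)
            or in_window(last, rcv_nxt, rcv_wnd))

def established_rx(rcv_nxt, rcv_wnd, seg_seq, syn=False, rst=False, data_len=0):
    """Action an ESTABLISHED endpoint takes for an arriving segment."""
    seg_len = data_len + (1 if syn else 0)
    if not acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
        return "DROP" if rst else "ACK"   # out of window: re-ACK, never accept
    if rst:
        return "CLOSE"                    # in-window RST tears down the TCB
    if syn:
        return "RST"                      # in-window SYN is an error: reset
    return "ACCEPT"

# Constructed scenario: the client accepted the first SYN+ACK (ISN 1000),
# so RCV.NXT is 1001; its receive window is 65535 octets.
RCV_NXT, RCV_WND = 1001, 65535

if __name__ == "__main__":
    for isn in (30000, 4_000_000_000):    # regenerated ISNs, constructed
        action = established_rx(RCV_NXT, RCV_WND, isn, syn=True)
        print(f"second SYN+ACK with ISN {isn}: {action}")
```

Neither branch accepts the second SYN+ACK: an in-window ISN draws a reset and an out-of-window one only draws a duplicate ACK. Stacks that implement RFC 5961 answer a SYN on a synchronized connection with an ACK instead of a reset.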