[e2e] T/TCP usage
Charles M. Hannum
mycroft at netbsd.org
Fri Oct 1 15:46:47 PDT 2004
On Friday 01 October 2004 20:30, John Kristoff wrote:
> After reviewing some of the Internet's protocol designs this afternoon,
> I was making my way through T/TCP and I began to think about some of the
> potential DoS vectors it could introduce. Apparently the potential for
> problems is well known. For example:
>
> <http://www.cl.cam.ac.uk/users/br260/doc/ettcp.pdf>
Also see:

http://midway.sourceforge.net/doc/ttcp-sec.txt

That's a bit old, and I probably wouldn't write it quite the same today, but
there it is. See sections 3 and 4, in particular, for comments about DoS
attacks.

Note that at least two implementations of T/TCP that got some use did not have
a way for servers to selectively enable the use of TAO (or it had the wrong
default; I forget), and that the hole mentioned in section 2 was in fact used
to break into real servers, including at least one case where it was actually
done through the rlogin service, as I specifically mentioned.

In retrospect, I should have expanded more on my comment about it violating
existing RFCs. In fact, we had to change the TCP processing in NetBSD to be
compatible with T/TCP -- previously it would drop a SYN-data-ACK packet, as
prescribed in RFC 793. I believe the same change had to be made in ka9q at
the time.