[e2e] Can we revive T/TCP ?
Charles M. Hannum
mycroft at netbsd.org
Fri Mar 24 12:48:04 PST 2006
On Fri, Mar 24, 2006 at 11:11:15AM -0800, Bob Braden wrote:
> (3) I have heard rumors that someone has found an error in the
> specific state transitions, of T/TCP although I have never seen
> the details.
I'm not sure whether you're referring to me or not, since I was the one
who originally made this claim (back in 1996). The specific problem is
that the state diagrams in RFC 793 indicate that a SYN-FIN packet should
be *dropped*. T/TCP systems will sometimes send SYN-FIN packets even to
non-T/TCP systems. I had to change the TCP processing in NetBSD (back
in 1996) to work around this (by simply ignoring the FIN and letting it
be retransmitted later) and remain compatible with BSD/OS and FreeBSD
hosts. ISTR ka9q made a similar change, for the same reason.
I highly recommend Googling for "T/TCP security". The first hit is, not
surprisingly, my old draft from 1996 -- but there are now a bunch of
other papers, comments from IETF working groups, etc., on the same
issues. As well as the FreeBSD security advisory about one of the holes
that I mentioned (1.5 years after my draft, after the hole was used to
break into the FreeBSD CVS repository).
More information about the end2end-interest
mailing list