Re: [tcpm] I-D ACTION:draft-ietf-tcpm-syn-flood-01.txt

Wesley Eddy <weddy@grc.nasa.gov> Tue, 12 December 2006 14:15 UTC

Date: Tue, 12 Dec 2006 09:13:48 -0500
From: Wesley Eddy <weddy@grc.nasa.gov>
To: tcpm@ietf.org
Subject: Re: [tcpm] I-D ACTION:draft-ietf-tcpm-syn-flood-01.txt

On Mon, Dec 11, 2006 at 03:50:01PM -0500, Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.
> 
> 	Title		: TCP SYN Flooding Attacks and Common Mitigations
> 	Author(s)	: W. Eddy
> 	Filename	: draft-ietf-tcpm-syn-flood-01.txt
> 	Pages		: 20
> 	Date		: 2006-12-11
> 	
> This document describes TCP SYN flooding attacks, which have been
>    well-known to the community for several years.  Various
>    countermeasures against these attacks, and the trade-offs of each,
>    are described.  This document archives explanations of the attack and
>    common defense techniques for the benefit of TCP implementers and
>    administrators of TCP servers or networks.
> 

A gzipped rfcdiff output between this version and the previous version
is attached.  The changes are pretty small, mainly consisting of:

 . added short description of the new FreeBSD use of the Timestamp field
   to extend the amount of bits available for SYN cookies, and enable
   window scaling, SACK, etc. in conjunction with SYN cookies.

 . clarified document scope only includes SYN flooding directed at
   over-running a TCP stack, not attacks aiming to over-run a network
   ("lower" rate attacks, not high rate attacks)

 . added discussion of applications where the passive side sends the
   first data and how SYN cookies can be problematic for these applications

--
Wesley M. Eddy
Verizon Federal Network Systems