Re: [tcpm] I-D ACTION:draft-ietf-tcpm-syn-flood-00.txt

Wesley Eddy <weddy@grc.nasa.gov> Thu, 20 July 2006 19:47 UTC

Date: Thu, 20 Jul 2006 15:47:34 -0400
From: Wesley Eddy <weddy@grc.nasa.gov>
To: tcpm@ietf.org
Subject: Re: [tcpm] I-D ACTION:draft-ietf-tcpm-syn-flood-00.txt
Message-ID: <20060720194734.GC3239@grc.nasa.gov>
References: <E1G3I3V-0006GQ-SA@stiedprstage1.ietf.org>
In-Reply-To: <E1G3I3V-0006GQ-SA@stiedprstage1.ietf.org>

On Wed, Jul 19, 2006 at 03:50:01PM -0400, Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.
> 
> 	Title		: TCP SYN Flooding Attacks and Common Mitigations
> 	Author(s)	: W. Eddy
> 	Filename	: draft-ietf-tcpm-syn-flood-00.txt
> 	Pages		: 19
> 	Date		: 2006-7-19
> 	
> This document describes TCP SYN flooding attacks, which have been
> well-known to the community for several years.  Various
> countermeasures against these attacks, and the trade-offs of each,
> are described.  This document archives explanations of the attack and
> common defense techniques for the benefit of TCP implementers and
> administrators of TCP servers or networks.
> 
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-syn-flood-00.txt
> 


As discussed in Montreal, we are looking for comments from people who
have implemented or used the defense mechanisms discussed in this draft.
The draft includes some data on specific implementations, which I
believe are accurate, but I strongly encourage people associated with
vendors or open-source projects to verify this, or help augment the
content.  There are a couple of major operating systems that are not
currently discussed.  We also would be interested in input from
operators as to which defenses are commonly turned on/off.


-- 
Wesley M. Eddy
Verizon Federal Network Systems
