Re: [tcpm] Faster application handshakes with SYN/ACK payloads

Joe Touch <touch@ISI.EDU> Thu, 31 July 2008 22:19 UTC

Date: Thu, 31 Jul 2008 15:17:26 -0700
From: Joe Touch <touch@ISI.EDU>
To: Murali Bashyam <mbcoder@gmail.com>
Cc: Adam Langley <agl@imperialviolet.org>, tcpm@ietf.org

Murali Bashyam wrote:
| There are firewalls that drop SYN packets carrying payload, since it's
| considered anomalous behaviour (rightly so given today's end-user
| behaviour).

Just because a system doesn't expect a packet doesn't mean it's an attack.

Data in SYNs is defined in 793; it can be ignored (i.e., ACK the SYN but
not the data), e.g., to reduce the server state until TWHS completes (or
uses cookies, as well), but dropping those packets is the anomalous
behavior here.

Joe
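
An added illustration, not part of the original message: a Python sketch of the two acknowledgment choices a listener has for a SYN that carries data, either ACK only the SYN or ACK the SYN plus the payload. The function names, port numbers and sample segments are constructed for this example.

```python
import struct

SYN = 0x02

def build_syn(seq, payload=b"", options=b""):
    """Build a constructed sample SYN segment (checksum left at 0)."""
    if len(options) % 4:
        raise ValueError("options must be padded to 32-bit words")
    offset_words = 5 + len(options) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0,
                         offset_words << 4, SYN, 65535, 0, 0)
    return header + options + payload

def parse_tcp(segment):
    """Return (seq, flags, payload); raise ValueError on a malformed header."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    _sport, _dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    header_len = (off >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return seq, flags, segment[header_len:]

def synack_ack_number(segment, accept_data):
    """ACK value the listener places in its SYN/ACK for this SYN."""
    seq, flags, payload = parse_tcp(segment)
    if not flags & SYN:
        raise ValueError("not a SYN")
    ack = seq + 1                # the SYN itself consumes one sequence number
    if accept_data:
        ack += len(payload)      # data is queued until the handshake completes
    # With accept_data=False the payload stays unacknowledged, so the sender
    # retransmits it after the handshake; nothing is lost and no data is
    # buffered for a peer that has not yet completed the handshake.
    return ack % 2**32           # sequence numbers wrap at 2^32

if __name__ == "__main__":
    syn = build_syn(1000, b"GET /")
    print("ACK SYN only:    ", synack_ack_number(syn, accept_data=False))
    print("ACK SYN and data:", synack_ack_number(syn, accept_data=True))
```
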