Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denialof Service Attack
From: Paul Jakma
Date: Tue Sep 14 2004 - 10:09:35 EST
On Mon, 13 Sep 2004, Ville Hallivuori wrote:
Actually you can treat TCP session failure as transient error. Just
use BGP graceful restart (witch basically allows re-opening TCP
connection without losing routing tables).
http://www.ietf.org/internet-drafts/draft-ietf-idr-restart-10.txt
Hmm, yes, I hadnt thought of the attack-mitigating aspects of
graceful restart. Though, without other measures, the session is
still is open to abuse (send RST every second).
regards,
--
Paul Jakma paul@xxxxxxxx paul@xxxxxxxxx Key ID: 64A2FF6A
Fortune:
Wit, n.:
The salt with which the American Humorist spoils his cookery
... by leaving it out.
-- Ambrose Bierce, "The Devil's Dictionary"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/