Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Ambiguities in TCP/IP - firewall bypassing
From: Tony Finch <dot () dotat at>
Date: Sat, 19 Oct 2002 02:33:57 +0100

Alun Jones <alun () texis com> wrote:

Not necessarily.  Have you heard of T/TCP?  Before that was around, I 
remember hearing discussion of using a packet with SYN, FIN, and data all 
in one, to cut down on round-trips in really short communications, while 
still providing reliability.

One of the problems with T/TCP on the wider Internet is that it is almost
as vulnerable to source address spoofing as UDP, so security facilities
like those provided by tcp_wrappers (and built in to many daemons) are
no longer so effective. With vanilla TCP, the T/TCP combination of SYN+
data+FIN isn't useful, because the passive end should discard data that
arrives before the handshake is completed in order to preserve its spoof-
resistence, therefore requiring a retransmit.

Tony.
-- 
f.a.n.finch <dot () dotat at> http://dotat.at/
FORTIES CROMARTY FORTH TYNE DOGGER: NORTHWESTERLY 4 OR 5, OCCASIONALLY 6.
SHOWERS. GOOD.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault