Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

RE: Inappropriate TCP Resets Considered Harmful
From: Ben Nagy <ben.nagy () marconi com au>
Date: Mon, 14 May 2001 11:33:12 +1000

Well, DUH. ;)

But why is trying to connect twice instead of once inherently bad? It's not
like the Internet isn't chatty already. These double connects would occur in
the wild, sometimes, just because of transmission delay and agressive
initial retry timeouts. It's hardly going to Break The Internet, and it
seems like a decent way for the ECNophiles to be able to gracefully phase
things in.

I thought you were going to go on about how you'd need extra state in the
TCP stack to work out whether it was in ECN or non-ECN SYN-SENT and how the
implementation could lead to nasty problems etc etc.


Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304 

-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Retrying in response to an RST is bad because an RST is not 
an indicator
of a communications problem.  It is saying that the service 
is not available.
firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]