| To: | jamal <hadi@xxxxxxxxxx>, Chris Wedgwood <cw@xxxxxxxx> |
|---|---|
| Subject: | Re: ECN: Clearing the air |
| From: | Pavel Machek <pavel@xxxxxxx> |
| Date: | Sun, 28 Jan 2001 22:55:30 +0100 |
| Cc: | linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <Pine.GSO.4.30.0101272110470.24762-100000@xxxxxxxxxxxxxxxx>; from jamal on Sat, Jan 27, 2001 at 09:15:48PM -0500 |
| References: | <20010128150813.A1595@xxxxxxxxxxxxxxxxxxx> <Pine.GSO.4.30.0101272110470.24762-100000@xxxxxxxxxxxxxxxx> |
| Sender: | owner-netdev@xxxxxxxxxxx |

Hi!

> > suggested blocking ECN. Article at:
> > >
> > > http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/portscan.html
> >
> > the site is now ATM -- can someone briefly explain the logic in
> > blocking it?
>
> It is Queso they quoted not nmap, sorry -- same thing.
> The idea is to "detect" port scanners.
> Queso sets the two TCP reserved bits in the SYN (now allocated for ECN).
> Some OSes reflect that back in the SYN-ACK (Linux < 2.0.2? for example
> was such a culprit).

Does not that mean that Linux 2.0.10 mistakenly announces it is ECN
capable when offered ECN connection?

Pavel
--
I'm pavel@xxxxxxx "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@xxxxxxxxxxxxx
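
An added example, not part of the original message: a Python sketch that classifies the two formerly reserved TCP bits (now ECE and CWR) in a SYN and its SYN-ACK. It assumes the RFC 3168 rule that an ECN-setup SYN carries both bits while an ECN-setup SYN-ACK carries ECE without CWR, so a stack that merely echoes both bits can be told apart; the function names and sample headers are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793; ECE/CWR from RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
ECN_BITS = ECE | CWR

def make_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header (no options) for the samples below."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 512, 0, 0)

def tcp_flags(header: bytes) -> int:
    """Return the flags byte of a raw TCP header."""
    if len(header) < 20 or (header[12] >> 4) * 4 < 20:
        raise ValueError("truncated or malformed TCP header")
    return header[13]

def classify_syn(flags: int) -> str:
    if not (flags & SYN) or flags & (ACK | RST | FIN):
        return "not-syn"
    ecn = flags & ECN_BITS
    if ecn == ECN_BITS:
        return "ecn-setup-syn"      # same two bits the thread says Queso sets
    return "plain-syn" if ecn == 0 else "odd-syn"

def classify_synack(flags: int) -> str:
    if (flags & (SYN | ACK)) != (SYN | ACK):
        return "not-synack"
    ecn = flags & ECN_BITS
    if ecn == ECE:
        return "ecn-setup-synack"   # ECE only: peer really negotiates ECN
    if ecn == ECN_BITS:
        return "reflected-bits"     # both bits echoed: not a valid ECN reply
    return "non-ecn-synack" if ecn == 0 else "odd-synack"

def handshake_verdict(syn_hdr: bytes, synack_hdr: bytes) -> str:
    """Combine both directions of the handshake into one verdict."""
    syn = classify_syn(tcp_flags(syn_hdr))
    reply = classify_synack(tcp_flags(synack_hdr))
    if syn == "ecn-setup-syn" and reply == "ecn-setup-synack":
        return "ecn-negotiated"
    if syn == "ecn-setup-syn" and reply == "reflected-bits":
        return "peer-echoes-reserved-bits"
    return "not-negotiated"

if __name__ == "__main__":
    syn = make_header(SYN | ECE | CWR)
    for reply_flags in (SYN | ACK | ECE, SYN | ACK | ECE | CWR, SYN | ACK):
        print(hex(reply_flags), handshake_verdict(syn, make_header(reply_flags)))
```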