netdev
[Top] [All Lists]

Re: defending against syn flood attacks

To: Oskar Andreasson <blueflux@xxxxxxxxxxx>
Subject: Re: defending against syn flood attacks
From: "John S. Denker" <jsd@xxxxxxxxxxxx>
Date: Tue, 01 Apr 2003 15:58:52 -0500
Cc: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0304012156390.22941-100000@xxxxxxxxxxxxxx>
References: <Pine.LNX.4.44.0304012156390.22941-100000@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030323
On 04/01/2003 02:59 PM, Oskar Andreasson wrote:
TCP syncookies "seriously violates the TCP protocol"
>> ... statement written by Alexey.

Those who are interested in defending against
syn flood attacks without seriously violating the
TCP protocol may be interested in the following:


               Abstract

The protocol of the present invention includes two new
first level protocols and several embodiments of a
second level protocol. The two new first level protocols
of the present invention include the TCP2B protocol and
the TCP2E protocol. In the TCP2B protocol, both client
and server indicate their support for this protocol using
one or more bits in TCP header. According to the
TCP2B protocol, the client retransmits its requested
options in the ACK message so the server need not
store the options after the connection request. In the
TCP2E protocol, the server maintains a Friends Table
listing addresses of device recently observed to be
complying with TCP. If a client's address is on the
Friends Table, the connection request is processed
according to TCP. Otherwise, the server sends an ACK
message to the client to prompt the client to send a
reset message. The client's address can then be added
to the Friends Table.

The patent is held by AT&T.  I have no idea how hard it
would be to get a license.

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=5,958,053.WKU.+5,958,053.WKU.&OS=PN/5,958,053+OR+PN/5,958,053&RS=PN/5,958,053+OR+PN/5,958,053


<Prev in Thread] Current Thread [Next in Thread>