
Re: Photuris Cookies




"Housley, Russ" says:
> The more that I look at cookies, I realize that they are only needed 
> because Photuris is running over a connectionless service (IP/UDP).  If you 
> were to run over a connection-oriented service like TCP, the connection 
> establishment would provide the liveness checking that you need.

Russ;

Following yesterday's formal announcement of the open use of
Morris-style sequence number guess attacks against sites, and the
well-known fact that spoofed TCP SYN packets are a great denial of
service attack, are you sure you timed this posting properly? :-)

Frankly, I want TCPng if there ever is one to incorporate cookies --
they are the only way I can think of to stop spoof-based denial of
service attacks of the second type I mention above, and it is a shame
that TCP doesn't have them now. Phil's invention is pretty impressive.

Perry

