Re: Photuris Cookies
"Housley, Russ" says:
> The more that I look at cookies, I realize that they are only needed
> because Photuris is running over a connectionless service (IP/UDP). If you
> were to run over a connection-oriented service like TCP, the connection
> establishment would provide the liveness checking that you need.
Russ;
Following yesterday's formal announcement of the open use of Morris-style
sequence number guess attacks against sites, and the well-known
fact that spoofed TCP SYN packets are a great denial of service
attack, are you sure you timed this posting properly :-)
Frankly, I want TCPng if there ever is one to incorporate cookies --
they are the only way I can think of to stop spoof-based denial of
service attacks of the second type I mention above, and it is a shame
that TCP doesn't have them now. Phil's invention is pretty impressive.
Perry
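
The liveness check discussed in this thread, as an added example that is not part of the original messages and is not Photuris's actual cookie computation: a responder hands out a keyed-hash cookie without storing anything, and allocates state only when that cookie comes back from the claimed source address. HMAC-SHA256, the field layout, the addresses and all names here are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

def make_cookie(secret, src, dst, initiator_cookie):
    """Responder cookie: keyed hash over both endpoints and the initiator's cookie."""
    (src_ip, src_port), (dst_ip, dst_port) = src, dst
    msg = (socket.inet_aton(src_ip) + struct.pack("!H", src_port) +
           socket.inet_aton(dst_ip) + struct.pack("!H", dst_port) +
           initiator_cookie)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:16]

class Responder:
    def __init__(self, secret):
        self.secret = secret      # local secret, never sent on the wire
        self.sessions = {}        # state is created only after a valid echo

    def on_request(self, src, dst, initiator_cookie):
        # Nothing is stored here. The cookie is sent to the *claimed* source,
        # so only a host that really receives traffic at src learns it.
        return make_cookie(self.secret, src, dst, initiator_cookie)

    def on_exchange(self, src, dst, initiator_cookie, responder_cookie):
        expected = make_cookie(self.secret, src, dst, initiator_cookie)
        if not hmac.compare_digest(expected, responder_cookie):
            return False          # dropped cheaply: no memory, no expensive math
        self.sessions[(src, initiator_cookie)] = "cookie verified"
        return True

def demo(secret=None):
    secret = secret or os.urandom(32)
    r = Responder(secret)
    server = ("192.0.2.1", 9999)          # constructed addresses and ports
    real = ("198.51.100.7", 40000)
    forged = ("203.0.113.9", 40001)       # source address the sender does not own

    # Live initiator: receives the cookie at its real address and echoes it.
    ic = os.urandom(16)
    echoed = r.on_request(real, server, ic)
    live_ok = r.on_exchange(real, server, ic, echoed)

    # Forged source: the reply went elsewhere, so the sender can only guess.
    ic2 = os.urandom(16)
    r.on_request(forged, server, ic2)
    forged_ok = r.on_exchange(forged, server, ic2, b"\x00" * 16)
    return live_ok, forged_ok, len(r.sessions)
```
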