| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110418144908.55967b06@nehalam> Date: Mon, 18 Apr 2011 14:49:08 -0700 From: Stephen Hemminger <shemminger@...tta.com> To: Mikael Abrahamsson <swmike@....pp.se> Cc: Joe Buehler <aspam@....net>, Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org Subject: Re: DSCP values in TCP handshake On Mon, 18 Apr 2011 21:16:35 +0200 (CEST) Mikael Abrahamsson <swmike@....pp.se> wrote: > On Mon, 18 Apr 2011, Joe Buehler wrote: > > > The argument I have seen for not making reflection standard behavior is > > that it is not always appropriate for the application. For example, web > > servers have short requests but large responses so non-identical DSCP > > values might make more sense. > > I'm a router guy. I don't understand this reasoning at all. > > Anyone care to elaborate? > > I'd like reflection be standard and have the application set DSCP if it > needs to. > If the DSCP bits are reflected, then it could allow for even better SYN flood attack. Attacker could maliciously set DSCP to elevate priority processing of his bogus SYN packets and also cause SYN-ACK on reverse path to also take priority. -- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists