lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130808000412.GF32257@order.stressinduktion.org>
Date:	Thu, 8 Aug 2013 02:04:12 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Miller <davem@...emloft.net>
Cc:	kaber@...sh.net, eric.dumazet@...il.com, pablo@...filter.org,
	netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
	mph@....com, jesper.brouer@...il.com, as@....com
Subject: Re: [PATCH RFC 0/5] netfilter: implement netfilter SYN proxy

On Wed, Aug 07, 2013 at 04:40:56PM -0700, David Miller wrote:
> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
> Date: Wed, 7 Aug 2013 23:05:40 +0200
> 
> > It seems, Windows stopped using tcp timestamps at least in windows 8 by
> > default.
> 
> Thankfully, Android device outnumber Windows 8 installs
> by... something like 1,000 to 1, right?

Heh, at minimum. :)

> I throw a huge "doesn't matter" to whatever Windows's TCP stack
> decides to do.  It absolutely should not dictate whether we decide to
> make use of this or that feature of TCP.  It's a bit player at best.
> 
> So if Windows 8 is the reason you're saying we shouldn't use
> timestamps for anything, you're wrong.

Actually, I don't care at all, because I don't do anything with windows
and don't get paid by anyone who wants me to care. ;)

But if we switch to a similar scheme as freebsd we can even care
less because even if some other operating systems or a major provider
decides to disable timestamps on their devices, we would still have
window scaling, sack (and ecn?) under syn dos. So, I do think it is an
improvement and don't see any disadvantages.

So, I don't care as long as the change (and siphash or maybe another
hashing scheme) is secure enough...

Greetings,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ