tech-net archive
Re: RST not emitted on listen backlog full?
On May 11, 2010, at 12:26 24PM, Chuck Swiger wrote:
> On May 11, 2010, at 8:34 AM, Michael Richardson wrote:
>> I think the behaviour (TCP RST vs retransmit) needs to be sysctl'able, or
>> setsockopt()able.
>
> There's already SO_RCVTIMEO for setsockopt() which should be usable for the
> purpose on the client side...?
>
> The thing is, RFC-793 is pretty clear about when to RST and when not to.
> You're supposed to RST connection attempt requests when you know they are
> invalid (i.e., to a port which is closed and so forth); but there is nothing
> which suggests it's OK to RST for a valid connection attempt to an open
> port-- see the "SEGMENT ARRIVES" section.
I mostly agree. The question is whether an RST is a better response if you're
enduring a SYN flood attack. I suspect that the answer is that it doesn't
matter much, since the bad guys will just keep sending, but it does bear a bit
more thought.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
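The two server behaviours the thread contrasts (silently dropping the SYN so the client keeps retransmitting it, versus answering it with RST) look quite different from the client side, and the script below makes that visible. It is an added example, not code from anyone in this thread: it opens a loopback listener with a small backlog, never calls accept(), then issues several connect() attempts with a short timeout and classifies each outcome. A completed handshake means the backlog had room; a timeout means the SYN got no answer (the client kernel is retransmitting it, so a 0.5 s deadline expires before the first retransmit); ConnectionRefusedError means the peer sent RST. The backlog value, the attempt count and the timeout are assumptions chosen for the demo, and the exact attempt at which drops begin depends on how the host kernel sizes its accept queue (BSD and Linux both admit somewhat more than the nominal backlog). Note that settimeout() here bounds the connect() call itself, which is what a client needs when the server side never answers.

```python
import socket


def classify_connect_result(exc):
    """Map the outcome of a connect() attempt to what the peer did.

    None                   -> three-way handshake completed (backlog had room)
    timeout                -> no SYN-ACK and no RST before the deadline: the
                              SYN was dropped and the client kernel is still
                              retransmitting it
    ConnectionRefusedError -> the peer answered the SYN with RST
    """
    if exc is None:
        return "connected"
    # socket.timeout is an alias of TimeoutError on Python >= 3.10; check both.
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "dropped"
    if isinstance(exc, ConnectionRefusedError):
        return "rst"
    return "error:" + type(exc).__name__


def probe_backlog(backlog, attempts, timeout=0.5):
    """Open a loopback listener with the given backlog, never accept(), then
    make `attempts` connects and report how each one fared, in order.

    Assumptions (demo values, not from the thread): 127.0.0.1, an ephemeral
    port, and a timeout shorter than the kernel's initial SYN retransmit
    interval (typically 1 s), so a dropped SYN shows up as 'dropped'.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))
    listener.listen(backlog)
    port = listener.getsockname()[1]

    clients = []
    results = []
    try:
        for _ in range(attempts):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.settimeout(timeout)  # bounds connect(), i.e. the SYN wait
            clients.append(client)
            try:
                client.connect(("127.0.0.1", port))
                exc = None
            except OSError as e:
                exc = e
            results.append(classify_connect_result(exc))
    finally:
        # Closing the listener discards whatever sits in its accept queue.
        for client in clients:
            client.close()
        listener.close()
    return results


if __name__ == "__main__":
    # Example run: backlog 1, four connects. Expect the first one or two to
    # complete and the rest to read 'dropped' on a stock BSD or Linux host.
    for i, outcome in enumerate(probe_backlog(backlog=1, attempts=4), 1):
        print("connect #%d: %s" % (i, outcome))
```

On Linux, the net.ipv4.tcp_abort_on_overflow sysctl is the closest existing knob to what Michael asks for: it controls whether a handshake whose final ACK arrives against an already-full accept queue is reset rather than silently dropped. Run the script with that sysctl toggled and the later attempts flip between "dropped" and "rst", which is the client-visible difference the thread is debating.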