FreeBSD TCP stealth
Hello,

Is there any work started or in progress to implement TCP stealth in our
kernel as proposed to IETF in
https://datatracker.ietf.org/doc/draft-kirsch-ietf-tcp-stealth/

The idea is that the client puts some magic value in the ISN of the first
SYN pkg which is derived from a secret the client and the server share.
The server can check the ISN and decide if it will answer the SYN pkg or
do a RST, for example.

Vy 73

matthias
--
Matthias Apitz               |  /\  ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
phone: +49-170-4527211       |  / \ - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: FreeBSD TCP stealth
On Monday, October 20, 2014 at 09:25:28AM +0200, Matthias Apitz wrote:

> Hello,
>
> Is there any work started or in progress to implement TCP stealth in our
> kernel as proposed to IETF in
> https://datatracker.ietf.org/doc/draft-kirsch-ietf-tcp-stealth/
>
> The idea is that the client puts some magic value in the ISN of the first
> SYN pkg which is derived from a secret the client and the server share.
> The server can check the ISN and decide if it will answer the SYN pkg or
> do a RST, for example.

For Linux wip see also: https://gnunet.org/knock

matthias
--
Matthias Apitz
Re: FreeBSD TCP stealth
I am not aware of any work but adding -net to get more networking eyeballs.

On Mon, Oct 20, 2014 at 1:23 AM, Matthias Apitz g...@unixarea.de wrote:

> On Monday, October 20, 2014 at 09:25:28AM +0200, Matthias Apitz wrote:
>
>> Hello,
>>
>> Is there any work started or in progress to implement TCP stealth in our
>> kernel as proposed to IETF in
>> https://datatracker.ietf.org/doc/draft-kirsch-ietf-tcp-stealth/
>>
>> The idea is that the client puts some magic value in the ISN of the first
>> SYN pkg which is derived from a secret the client and the server share.
>> The server can check the ISN and decide if it will answer the SYN pkg or
>> do a RST, for example.
>
> For Linux wip see also: https://gnunet.org/knock
>
> matthias
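
The ISN check described in the first message of this thread, as an added example that is not part of the thread, the draft or any FreeBSD or Linux code. The derivation used here (HMAC-SHA256 over destination address and port, truncated to 32 bits), the function names and the sample values are assumptions of this example; the draft specifies its own derivation.

```python
import hashlib
import hmac
import ipaddress
import struct


def stealth_isn(secret: bytes, dst_ip: str, dst_port: int) -> int:
    """Client side: derive the 32-bit ISN for the first SYN.

    Assumption of this example: HMAC-SHA256 over the destination address
    and port, truncated to 32 bits. The draft defines its own derivation.
    """
    addr = ipaddress.ip_address(dst_ip).packed  # 4 bytes (IPv4) or 16 (IPv6)
    msg = struct.pack("!B", len(addr)) + addr + struct.pack("!H", dst_port)
    tag = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", tag[:4])[0]


def server_decision(secret: bytes, local_ip: str, local_port: int, syn_isn: int) -> str:
    """Server side: recompute the expected ISN and compare in constant time."""
    expected = struct.pack("!I", stealth_isn(secret, local_ip, local_port))
    received = struct.pack("!I", syn_isn & 0xFFFFFFFF)
    return "SYN-ACK" if hmac.compare_digest(expected, received) else "RST"


def demo() -> dict:
    # Constructed sample values (documentation address range, made-up secrets).
    secret, ip, port = b"constructed-shared-secret", "192.0.2.10", 22
    return {
        "authorized client": server_decision(secret, ip, port, stealth_isn(secret, ip, port)),
        "wrong secret": server_decision(secret, ip, port, stealth_isn(b"guess", ip, port)),
        "ISN reused on another port": server_decision(secret, ip, 8022, stealth_isn(secret, ip, port)),
        "ordinary random ISN": server_decision(secret, ip, port, 0x12345678),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28} -> {verdict}")
```

The ISN field is only 32 bits wide, so the check can never be stronger than a 32-bit tag, and with the fixed inputs used in this example the same ISN is produced for every connection to a given address and port.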