ietf

Re: Re[6]: www.isoc.org unreachable when ECN is used

2003-12-11 15:15:56
There are a lot of really dumb, dumb, dumb firewall authors out there,
that's why....

Actually, Sally Floyd's explanation makes a lot more sense.

The dumb authors, I think, are those who built Linux implementations
that doggedly attempt to negotiate ECN and are unprepared for cases
where it does not work.

Actually, to be clear, what I said is that there are both firewall
authors and TCP implementors who do dumb things.  From the last
paragraph of my email:

 One might hope that Linux implementors would make a better decision
 next time around.  And that firewall designers would not be so quick
 to block some new functionality just because it is used in the
 latest port-scanning tool.  But I wouldn't count on it...

From RFC 3360:

   One lesson appears to be that anyone can effectively "attack" a new
   TCP function simply by using that function in their publicly-
   available port-scanning tool, thus causing middleboxes of all kinds
   to block the use of that function. 

- Sally
http://www.icir.org/floyd/






