Saturday October 20, 2007
TCP RST Considered Dangerous and Obsolete
OK, I don't actually mean the title, but with news that Comcast is blocking P2P by sending fake RSTs (the same technique purportedly used by the Great Firewall of China), how long until hosts start simply ignoring TCP RSTs (at least for P2P applications)? Yes, it'll degrade detection of errors, but TCP will at least then be immune to such silly "filters". Other things considered obsolete: the destination port field; as things stand, future revisions of TCP may as well codify it as a "Must Be 80" field.
The sooner the internet (TCP and its data at least) becomes opaque[1] to ISPs, the better. Good to see the ISPs are so eager to help motivate users to achieve that goal.
1. That is, headers authenticated somehow where possible (or, failing that, possibly false errors ignored), and any data or fields that could be used to discriminate against traffic encrypted, to the greatest extent possible.
( Oct 20 2007, 07:50:35 PM IST )
Two points worth considering:
1) if Internet Exploder (IE) receives a connection refused error (i.e. a TCP RST) when attempting to connect to a web server, it retries several times before telling the user there is a problem;
2) you need to ignore/block TCP RSTs at both ends of the connection, as devices like this typically send one in each direction (and drop internal state) to ensure that it isn't possible for one party to ignore the RST and soldier on, making it more difficult for a client "behind the wall" to assume the connection is still OK.
Posted by Darren on January 08, 2008 at 12:56 AM GMT #
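As an added example (not the post's or the commenter's code), here is a small passive detector for the forged RSTs the post describes, which also covers the commenter's point that an injector sends a RST in each direction. It assumes a trace captured at a tap that sees both directions of a flow; the addresses, ports, TTLs and sequence numbers are constructed.

```python
# Added example (not from the post or comment): offline detector for forged TCP
# RSTs over a constructed tap trace that sees both directions of each flow.
# Heuristics per flow direction: (1) TTL consistency, a RST whose TTL differs
# from that sender's earlier segments came from a different hop distance;
# (2) RFC 5961 style sequence check, a genuine RST carries exactly the sequence
# number expected next; in-window-but-inexact deserves a challenge ACK instead.

def classify_rst(seq, rcv_nxt, rcv_wnd):
    if seq == rcv_nxt:
        return "accept"
    if (seq - rcv_nxt) % (1 << 32) < rcv_wnd:  # inside the window, not exact
        return "challenge"
    return "drop"

def find_suspect_rsts(trace, rcv_wnd=65535):
    ttl_seen, next_seq, suspects = {}, {}, []
    for p in trace:
        d = (p["src"], p["sport"], p["dst"], p["dport"])  # one direction of a flow
        if "R" in p["flags"]:
            reasons = []
            if d in ttl_seen and p["ttl"] != ttl_seen[d]:
                reasons.append(f"ttl {p['ttl']} != {ttl_seen[d]}")
            verdict = classify_rst(p["seq"], next_seq.get(d, p["seq"]), rcv_wnd)
            if verdict != "accept":
                reasons.append(f"seq {verdict}")
            if reasons:
                suspects.append((p["ts"], d, reasons))
            continue
        ttl_seen.setdefault(d, p["ttl"])
        # SYN and FIN each consume one sequence number, payload bytes the rest
        adv = p.get("len", 0) + int("S" in p["flags"]) + int("F" in p["flags"])
        next_seq[d] = (p["seq"] + adv) % (1 << 32)
    return suspects

# Constructed trace: a P2P flow on port 6881 hit by two forged RSTs, plus a
# genuine RST from a closed port on another host (all values are made up).
C, P, Q = "10.0.0.2", "198.51.100.7", "198.51.100.9"
def seg(ts, src, sport, dst, dport, flags, seq, ttl, length=0):
    return dict(ts=ts, src=src, sport=sport, dst=dst, dport=dport,
                flags=flags, seq=seq, ttl=ttl, len=length)
TRACE = [
    seg(0.00, C, 40000, P, 6881, "S", 1000, 64),
    seg(0.05, P, 6881, C, 40000, "SA", 5000, 52),
    seg(0.05, C, 40000, P, 6881, "A", 1001, 64),
    seg(0.06, C, 40000, P, 6881, "PA", 1001, 64, 100),
    seg(0.10, P, 6881, C, 40000, "A", 5001, 52),
    seg(0.11, P, 6881, C, 40000, "R", 5001, 61),   # forged: seq right, TTL wrong
    seg(0.11, C, 40000, P, 6881, "R", 1300, 64),   # forged: TTL right, seq off
    seg(0.20, C, 40001, Q, 6881, "S", 7000, 64),
    seg(0.25, Q, 6881, C, 40001, "RA", 0, 55),     # genuine refusal, not flagged
]
```

Running `find_suspect_rsts(TRACE)` flags only the two forged segments, one per direction, while the genuine refusal from the closed port passes.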