TCP Cookie Transactions

TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (experimental status) as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties.^[1] Unlike the original SYN cookies approach,^[2] TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack.^[3]

The immediate reason for the TCPCT extension is deployment of the DNSSEC protocol. Prior to DNSSEC, DNS requests primarily used short UDP packets, but due to the size of DNSSEC exchanges, and shortcomings of IP fragmentation, UDP is less practical for DNSSEC.^[4]^[5] Thus DNSSEC-enabled requests create a large number of short-lived TCP connections.^[3]^[6]

TCPCT avoids resource exhaustion on server-side by not allocating any resources until the completion of the three-way handshake. Additionally, TCPCT allows the server to release memory immediately after the connection closes, while it persists in the TIME-WAIT state.^[3]

TCPCT support was partly merged into the Linux kernel in December 2009,^[7]^[8] but was removed in May 2013 because it was never fully implemented and had a performance cost.^[9]

References

Cite error: Invalid <references> tag; parameter "group" is allowed only.

Use <references />, or <references group="..." />

This computer networking article is a stub. You can help Wikipedia by expanding it.

↑ Simpson, W. (January 2011). TCP Cookie Transactions. IETF. RFC 6013. https://tools.ietf.org/html/rfc6013. Retrieved March 16, 2012.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ ^3.0 ^3.1 ^3.2 Lua error in package.lua at line 80: module 'strict' not found.
↑ B. Carpenter and S. Brim, “Middleboxes: Taxonomy and Issues,” RFC 3234, February 2002.
↑ P. Srisuresh and K. Egevang, “Traditional IP Network Address Translator (Traditional NAT),” RFC 3022, January 2001
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ http://kernelnewbies.org/Linux_2_6_33#head-2c3c3a8cb87d5b7a6f1182e418abf071cda22c8c
↑ Lua error in package.lua at line 80: module 'strict' not found.

[1] Simpson, W. (January 2011). TCP Cookie Transactions. IETF. RFC 6013. https://tools.ietf.org/html/rfc6013. Retrieved March 16, 2012.

[2] Lua error in package.lua at line 80: module 'strict' not found.

[tcp-robust-cookies-3] 3.0 ^3.1 ^3.2 Lua error in package.lua at line 80: module 'strict' not found.

[4] B. Carpenter and S. Brim, “Middleboxes: Taxonomy and Issues,” RFC 3234, February 2002.

[5] P. Srisuresh and K. Egevang, “Traditional IP Network Address Translator (Traditional NAT),” RFC 3022, January 2001

[6] Lua error in package.lua at line 80: module 'strict' not found.

[7] Lua error in package.lua at line 80: module 'strict' not found.

[8] ttp://kernelnewbies.org/Linux_2_6_33#head-2c3c3a8cb87d5b7a6f1182e418abf071cda22c8c

[9] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

TCP Cookie Transactions

See also

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools