internal TCP features such as sequence numbers.

Packets can already be spoofed, and the following aspects make it hard to exploit:

I haven't searched exhaustively though.

Are any new security issues created that are hard to mitigate?

I haven't been able to find any documentation of this in any TCP/IP stack implementations.

No, the implementation is quite simple in code in the TCP/IP stack, and it's already a concept that's implemented successfully for TCP Listeners/Servers.

This isn't TCP though.

Are there any engineering issues that make it impossible to implement?

It is with UDP with modifications to QUIC protocol.

Is it possible with TCP/IP stacks on any major OS today?

If the destination offered more destination port aliases, it would be able to connect to the same destination IP address 4.2M times.

When the same destination is used multiple times by Client A, it would be limited to 65536 connections to that destination IP:Port.

Practically: 242B connections - 1xSourceIP X 65536xSourcePorts X 3.7MxDestinationIPs X 1xDestinationPort.

Theoretically: 15,891T connections - 1xSourceIP X 65536xSourcePorts X 3.7MxDestinationIPs X 65536xDestinationPort.

However this scheme would make it possible to expand a single IP address much further:

That is 1xSourceIP X 65536xSourcePorts X 1xDestinationIP X 1xDestinationPort.

3:80 and can correlate with the Host C TCP session.

Before, I used to think that a NAT IP address was limited to 65536 connections.

When Client A receives a packet from Host C, it sees the source IP:Port as 203.0.113.2:80 and can therefore correlate with the Host B TCP session.

When Client A receives a packet from Host B, it sees the source IP:Port as 203.0.113.

When Host B receives a packet from Client A, it sees the source IP:Port as 203.0.113.