dbo:abstract
|
- TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (historic status, formerly experimental) as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties. Unlike the original SYN cookies approach, TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack. The immediate reason for the TCPCT extension is deployment of the DNSSEC protocol. Prior to DNSSEC, DNS requests primarily used short UDP packets, but due to the size of DNSSEC exchanges, and shortcomings of IP fragmentation, UDP is less practical for DNSSEC. Thus DNSSEC-enabled requests create a large number of short-lived TCP connections. TCPCT avoids resource exhaustion on server-side by not allocating any resources until the completion of the three-way handshake. Additionally, TCPCT allows the server to release memory immediately after the connection closes, while it persists in the TIME-WAIT state. TCPCT support was partly merged into the Linux kernel in December 2009, but was removed in May 2013 because it was never fully implemented and had a performance cost. TCPCT was deprecated in 2016 in favor of TCP Fast Open. Status of the original RFC was changed to "historic". (en)
- TCP Cookie 传输(英文:TCP Cookie Transcations)是一个实验性的传输控制协议拓展,在RFC 6013中定义,用于保护TCP连接免于拒绝服务攻击,例如通过SYN Flood和第三方的恶意连接中止耗尽目标资源。不像原有的 SYN cookies 方法, TCPCT 不会和其它 TCP 拓展冲突, 但是要求客户端(发起者)和服务器(响应者)都支持这一拓展。 开发这个拓展的直接原因是 DNSSEC 协议的部署。在 DNSSEC 出现前,DNS 请求主要使用小型 UDP 数据包,但是由于 DNSSEC 数据交换的大小和IP分片的缺点,UDP 对 DNSSEC 来说并不怎么现实。于是采用 DNSSEC 的请求会创建极多的短寿命 TCP 连接。 TCPCT 避免了服务器端资源耗尽,因为它在完成之前不会申请任何资源。除此之外,TCPCT 允许服务器在连接关闭之后立即释放内存,此时连接还在 TIME-WAIT 状态持续。 2009 年十二月,TCPCT 支持被部分并入了 Linux 内核,但是在 2013 年五月被移除因为它从来没有被完整实现,还会造成性能消耗。 (zh)
|
dbo:wikiPageID
| |
dbo:wikiPageLength
|
- 3705 (xsd:nonNegativeInteger)
|
dbo:wikiPageRevisionID
| |
dbo:wikiPageWikiLink
| |
dbp:wikiPageUsesTemplate
| |
dct:subject
| |
rdfs:comment
|
- TCP Cookie 传输(英文:TCP Cookie Transcations)是一个实验性的传输控制协议拓展,在RFC 6013中定义,用于保护TCP连接免于拒绝服务攻击,例如通过SYN Flood和第三方的恶意连接中止耗尽目标资源。不像原有的 SYN cookies 方法, TCPCT 不会和其它 TCP 拓展冲突, 但是要求客户端(发起者)和服务器(响应者)都支持这一拓展。 开发这个拓展的直接原因是 DNSSEC 协议的部署。在 DNSSEC 出现前,DNS 请求主要使用小型 UDP 数据包,但是由于 DNSSEC 数据交换的大小和IP分片的缺点,UDP 对 DNSSEC 来说并不怎么现实。于是采用 DNSSEC 的请求会创建极多的短寿命 TCP 连接。 TCPCT 避免了服务器端资源耗尽,因为它在完成之前不会申请任何资源。除此之外,TCPCT 允许服务器在连接关闭之后立即释放内存,此时连接还在 TIME-WAIT 状态持续。 2009 年十二月,TCPCT 支持被部分并入了 Linux 内核,但是在 2013 年五月被移除因为它从来没有被完整实现,还会造成性能消耗。 (zh)
- TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (historic status, formerly experimental) as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties. Unlike the original SYN cookies approach, TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack. (en)
|
rdfs:label
|
- TCP Cookie Transactions (en)
- TCP Cookie 传输 (zh)
|
owl:sameAs
| |
prov:wasDerivedFrom
| |
foaf:isPrimaryTopicOf
| |
is dbo:wikiPageRedirects
of | |
is dbo:wikiPageWikiLink
of | |
is foaf:primaryTopic
of | |