If you don't plan to move your window between different machines, there is another solution at a lower layer: e.g. transport layer of the network stack. Find an appropriate network mobility solution, then you are all set. For example, I use DHARMA (http://dharma.cis.upenn.edu/). I ssh into a box, use X11 forwarding to start an X application on my laptop at home, then I suspend my laptop, bring it to my office, resume the laptop, and after the laptop is reconnected, all my X11 applications are still alive. This is especially convenient when a server doesn't have VNC installed and you are not the root, or you have a very crappy wireless condition, coming up and down all the time.
It is not suprising that microsoft doesn't do this. It is a lot of harder to get software working than work faster than before. For a general purpose OS, M$ has to deal with the problem that how to let the whole big monster (windows) working in all situations, with different hardware configuration, different setup, different purposes of using the computer, etc. It's a little safer to use some less aggressive parameters, in order not to break stuff.
quote:"TCP also provides a number, called an acknowledgement number, that is used to indicate the sequence number of the next packet expected. The packets are reassembled by the receiving TCP implementation only if their sequence numbers fall within a range of the acknowledgement number (called a "window"). The acknowledgement number is not used in a RST packet because a reset does not expect a packet in return. (To be completely accurate, although the last statement is true for a RST packet without the ACK flag set, used to indicate that a TCP port is closed, a RST/ACK is used to terminate an active connection in the event of error. In a RST/ACK packet an acknowledgement number is included in the packet, although it is not checked by the receiving TCP implementation.)"
Suppose the TCP Window size is 64K, then the probability of guessing valid ack number is 64K/2^32=1/64K
It means if I spoof 65536 packets, I'll probably bring down a TCP link, if no router ingress filtering is involved.
I guess the solution is also simple: for RST packet, restrict the receiving window size to be much smaller. Because larger window size is only for high speed data transfer and we do not restrict common packets, we are fine.
Slashdot Mirror
Maybe because of the PageRank(TM) which is missing in firefox. Personally I don't care about the rank, but apparently a lot of companies do.
If you don't plan to move your window between different machines, there is another solution at a lower layer: e.g. transport layer of the network stack. Find an appropriate network mobility solution, then you are all set. For example, I use DHARMA (http://dharma.cis.upenn.edu/). I ssh into a box, use X11 forwarding to start an X application on my laptop at home, then I suspend my laptop, bring it to my office, resume the laptop, and after the laptop is reconnected, all my X11 applications are still alive. This is especially convenient when a server doesn't have VNC installed and you are not the root, or you have a very crappy wireless condition, coming up and down all the time.
It is not suprising that microsoft doesn't do this. It is a lot of harder to get software working than work faster than before. For a general purpose OS, M$ has to deal with the problem that how to let the whole big monster (windows) working in all situations, with different hardware configuration, different setup, different purposes of using the computer, etc. It's a little safer to use some less aggressive parameters, in order not to break stuff.
Suppose the TCP Window size is 64K, then the probability of guessing valid ack number is 64K/2^32=1/64K
It means if I spoof 65536 packets, I'll probably bring down a TCP link, if no router ingress filtering is involved.
I guess the solution is also simple: for RST packet, restrict the receiving window size to be much smaller. Because larger window size is only for high speed data transfer and we do not restrict common packets, we are fine.