TCP Cookie Transactions

TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (historic status, formerly experimental) as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties. Unlike the original SYN cookies approach, TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack.

The immediate reason for the TCPCT extension is deployment of the DNSSEC protocol. Prior to DNSSEC, DNS requests primarily used short UDP packets, but due to the size of DNSSEC exchanges and the shortcomings of IP fragmentation, UDP is less practical for DNSSEC. Thus DNSSEC-enabled requests create a large number of short-lived TCP connections.

TCPCT avoids resource exhaustion on the server side by not allocating any resources until the completion of the three-way handshake. Additionally, TCPCT allows the server to release memory immediately after the connection closes, while it persists in the TIME-WAIT state.

TCPCT support was partly merged into the Linux kernel in December 2009, but was removed in May 2013 because it was never fully implemented and had a performance cost. TCPCT was deprecated in 2016 in favor of TCP Fast Open. The status of the original RFC was changed to "historic".
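
The "no resources until the handshake completes" idea described above, as an added simplified model that is not code from RFC 6013 or from any TCP stack. The class name, the HMAC-SHA256 cookie construction, the 64-second epoch and all addresses are assumptions for illustration and do not reproduce the RFC's wire format or cookie algorithm.

```python
import hashlib
import hmac
import os


class StatelessResponder:
    """Toy responder: keeps no per-connection state until the final ACK verifies."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)  # server-side secret (assumption)
        self.connections = {}                   # allocated only after a valid ACK

    def _cookie(self, src, sport, dport, initiator_cookie, epoch):
        # Bind the cookie to the peer address, ports, client cookie and time epoch.
        msg = f"{src}|{sport}|{dport}|{epoch}|".encode() + initiator_cookie
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:8]

    def on_syn(self, src, sport, dport, initiator_cookie, now):
        # The reply is computed from the packet alone; nothing is stored.
        return self._cookie(src, sport, dport, initiator_cookie, now // 64)

    def on_ack(self, src, sport, dport, initiator_cookie, responder_cookie, now):
        # Accept the current or previous epoch so a handshake can straddle a rollover.
        for epoch in (now // 64, now // 64 - 1):
            expected = self._cookie(src, sport, dport, initiator_cookie, epoch)
            if hmac.compare_digest(expected, responder_cookie):
                self.connections[(src, sport, dport)] = {"established_at": now}
                return True
        return False


def simulate():
    srv = StatelessResponder(secret=b"k" * 32)  # constructed key for the demo
    # Constructed flood: 1000 SYNs from spoofed sources that never send the ACK.
    for i in range(1000):
        srv.on_syn(f"198.51.100.{i % 250}", 1024 + i, 53, os.urandom(8), now=1000)
    after_flood = len(srv.connections)

    # A legitimate client completes the handshake by echoing the responder cookie.
    ic = b"\x01" * 8
    rc = srv.on_syn("192.0.2.10", 40000, 53, ic, now=1000)
    ok = srv.on_ack("192.0.2.10", 40000, 53, ic, rc, now=1001)

    # A guessed cookie, a cookie presented from another address, and an expired
    # cookie are all rejected without creating state.
    forged = srv.on_ack("192.0.2.10", 40001, 53, ic, b"\x00" * 8, now=1001)
    moved = srv.on_ack("203.0.113.5", 40000, 53, ic, rc, now=1001)
    stale = srv.on_ack("192.0.2.10", 40000, 53, ic, rc, now=1000 + 64 * 3)
    return after_flood, ok, forged, moved, stale, len(srv.connections)


if __name__ == "__main__":
    print(simulate())
```

The connection table stays empty through the flood and holds exactly one entry after the legitimate handshake, which is the property that makes half-open connections free for the responder.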


See also

* SYN cookies
* T/TCP (Transactional TCP)
* TCP Fast Open

