[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open
Salz, Rich via RT
rt at openssl.org
Wed Jan 27 14:19:32 UTC 2016
> This suggests that you have on-path capabilities between each of the
> reflectors and the victim, right?
I don't think so: you need the first attacker to get the cookie, then you spread it out.
> If you have on-path capabilities, couldn't you do a similar attack against a live
> TCP session?
Different because there you are interrupting a session, whereas with TFO you're starting a new connection and pushing data to the receiving app on a "new" connection.
More information about the openssl-dev
mailing list