[SCADASEC] High-level whitepaper on SCADA security (IEEE)

Erik Hjelmvik erik.hjelmvik at gmail.com
Fri Feb 8 07:15:44 CST 2008


Hi all,

I haven't come in contact with this "puzzle TCP" thing before. But it
doesn't look like something I would suggest using for several reasons:
1. Not using standard TCP will not support the concept of COTS
2. Not using standard TCP is not a good idea if you want to use firewalls or IDS
3. The puzzle doesn't even protect against a SYN flood since an
attacker still seems to be able to allocate server resources by
sending TCP SYN packets.


Why not just use normal existing solutions from the IT world such
as SYN Cookies to come to terms with flooding? If they want to have
authentication I would suggest adding a security authentication
protocol on top of TCP (after the TCP handshake) instead of modifying
the TCP standard, or maybe use something like IPSec...

/erik hjelmvik

2008/2/7, Bob Radvanovsky <rsradvan at unixworks.net>:
> Proceedings of the 2005 IEEE
> Workshop on Information Assurance and Security
> United States Military Academy, West Point, NY
>
> http://cc1.sctc.mnscu.edu/infosec/WestPointWorkshop2005/cdrom/PDFs/Papers/S20P02.pdf


