TCP Cookie Transactions

TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (historic status, formerly experimental) as an extension of the Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties. Unlike the original SYN cookies approach, TCPCT does not conflict with other TCP extensions, but it requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack.

The immediate reason for the TCPCT extension was the deployment of DNSSEC. Prior to DNSSEC, DNS requests primarily used short UDP packets, but because of the size of DNSSEC exchanges and the shortcomings of IP fragmentation, UDP is less practical for DNSSEC. DNSSEC-enabled requests therefore create a large number of short-lived TCP connections. TCPCT avoids resource exhaustion on the server side by not allocating ''any'' resources until the three-way handshake completes: the responder's cookie, sent in the SYN-ACK and echoed by the initiator in the final ACK, is what lets the server verify the handshake without having stored anything for it. Additionally, TCPCT allows the server to release memory immediately after the connection closes, rather than holding state through the TIME-WAIT period; the initiator is responsible for observing the required delay between connections instead.

TCPCT support was partly merged into the Linux kernel in December 2009, but was removed in May 2013 because it was never fully implemented and had a performance cost. TCPCT was deprecated in 2016 in favor of TCP Fast Open, and the status of the original RFC was changed to "historic".
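The responder-stateless handshake described above, shown as an added simulation that is not part of this article and does not reproduce the cookie encoding or algorithm of RFC 6013. The cookie layout (one slot-parity byte plus an 8-byte truncated HMAC-SHA-256 over the 4-tuple, the initiator's cookie and a time slot), the 64-second secret-rotation window, and the addresses in the sample traffic are all this example's own assumptions. The point it makes is the one the paragraph states: a flood of spoofed SYNs creates no server state, while a cookie that fails verification (wrong address, wrong initiator cookie, too old) never reaches the allocation step.

```python
"""Simulation of a cookie-protected, responder-stateless handshake.

Added example illustrating the principle behind TCPCT (and SYN cookies):
the responder keeps no per-connection state until the initiator's final
ACK returns a cookie that only the responder could have produced. The cookie
layout, MAC construction and rotation window are this example's own
simplifications, not the encoding defined in RFC 6013.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

COOKIE_MAC_LEN = 8    # bytes of MAC carried in the cookie (assumption)
SLOT_SECONDS = 64     # secret-rotation interval in seconds (assumption)


@dataclass
class Responder:
    """Server side. `established` is the only per-connection state it holds."""
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    local_port: int = 53
    established: dict = field(default_factory=dict)

    def _slot(self, now: float) -> int:
        return int(now) // SLOT_SECONDS

    def _mac(self, peer_ip: str, peer_port: int, init_cookie: bytes, slot: int) -> bytes:
        # Bind the cookie to the 4-tuple, the initiator's cookie and a time slot,
        # so it cannot be replayed from another address or long after it was issued.
        msg = f"{peer_ip}|{peer_port}|{self.local_port}|{slot}|".encode() + init_cookie
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:COOKIE_MAC_LEN]

    def on_syn(self, peer_ip: str, peer_port: int, init_cookie: bytes, now: float) -> bytes:
        """Answer a SYN with the responder cookie for the SYN-ACK. Nothing is stored."""
        slot = self._slot(now)
        return bytes([slot % 2]) + self._mac(peer_ip, peer_port, init_cookie, slot)

    def on_ack(self, peer_ip: str, peer_port: int, init_cookie: bytes,
               resp_cookie: bytes, now: float) -> bool:
        """Verify the cookie echoed in the ACK; allocate state only if it checks out."""
        if len(resp_cookie) != 1 + COOKIE_MAC_LEN:
            return False
        slot = self._slot(now)
        # Accept the current slot and the previous one so a SYN-ACK issued just
        # before a rotation boundary is still honoured; anything older is rejected.
        for candidate in (slot, slot - 1):
            if candidate % 2 != resp_cookie[0]:
                continue
            expected = self._mac(peer_ip, peer_port, init_cookie, candidate)
            if hmac.compare_digest(expected, resp_cookie[1:]):
                self.established[(peer_ip, peer_port)] = {"init_cookie": init_cookie}
                return True
        return False

    def on_close(self, peer_ip: str, peer_port: int) -> None:
        """Responder drops its state at once; the TIME-WAIT delay is the initiator's."""
        self.established.pop((peer_ip, peer_port), None)


def syn_flood(responder: Responder, count: int, now: float) -> int:
    """Spoofed SYNs that never complete the handshake; returns state entries created."""
    for i in range(count):
        spoofed_ip = f"198.51.100.{i % 256}"   # constructed; nobody answers the SYN-ACK
        responder.on_syn(spoofed_ip, 1024 + i, secrets.token_bytes(8), now)
    return len(responder.established)


def legitimate_handshake(responder: Responder, peer_ip: str, peer_port: int, now: float) -> bool:
    """Full SYN / SYN-ACK / ACK exchange from an initiator that really owns peer_ip."""
    init_cookie = secrets.token_bytes(8)
    resp_cookie = responder.on_syn(peer_ip, peer_port, init_cookie, now)
    return responder.on_ack(peer_ip, peer_port, init_cookie, resp_cookie, now + 0.05)


if __name__ == "__main__":
    r = Responder()
    print("state entries after 100000 spoofed SYNs:", syn_flood(r, 100_000, now=1000.0))
    print("legitimate handshake accepted:", legitimate_handshake(r, "203.0.113.7", 40000, 1000.0))
    print("connections established:", len(r.established))
```

Running the script prints 0 state entries after the flood and 1 after the genuine handshake. Two details carry the security weight: the MAC is compared with `hmac.compare_digest` so verification time does not leak which bytes matched, and the initiator's own cookie is part of the MAC input, so a responder cookie captured from one handshake cannot be spliced into another even from the same address.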


See also

* SYN cookies
* T/TCP (Transactional TCP)
* TCP Fast Open

