TCP SYN attacks - a simple solution

The idea has been floated before, and I believe it to be the right
solution to this problem. However, I have some suggested improvements:

1. The use of a "per boot" secret number allows an attacker to
   poll your machine to deduce the secret, and then attack you with
   that knowledge.

   A solution to this problem is to use a rapidly changing secret, the
   pattern of which cannot be easily deduced, and a sliding window of
   acceptance. (If the hash doesn't match the current scheme, but matches
   the scheme we were using in the past N seconds, then accept the packet)

   The change interval needs to be short enough that, by the time an
   attacker has been able to compute the next number, the window for
   accepting that has closed.

I figure that if you steal 4 to 12 bytes for mss storage, 2^20 is still
enough possibilities that you can just rotate your secret every minutes
and test against the old one for 30 seconds...

-matthew kaufman


ps. I've been meaning to write this entire scheme, with the enhancements
  I propose here, as a draft specification, but I keep getting interrupted
  by flooded phone rooms and the like this weekend. *sigh*

Hopefully there will be a working implementation of this by week's end.
Jeff Weisberg has code which runs on sun3s and (soon, I hope) on other
Suns under SunOS.

This has always seemed to me to be the best way to do things, though an
OS patch to go to hashed-entry into arrays of PCBs is a definite win to
back-implement into SunOS (for example) in general.