2009 Blog Rewind: The Three-Way Handshake is a Lie!
January 22nd, 2010. Published under My Recent Reads. No Comments.
pulled from Google Reader (click on title for original post)
As I close out my look at some of the most influential posts published here in 2009 I conclude with a post that garnered widespread industry recognition and sparked many discussions, Tod Beardsley’s “TCP Portals: The Handshake’s A Lie“. The post, only published a month ago, drew thousands of readers and dozens of comments. More importantly it shed some light on a potentially damaging vulnerability:
Whenever I interview someone for an Application Engineer or Security
Research position, my favorite introductory question is, “Can you describe for
me the TCP three-way handshake?”. It is a fine baseline question to
understand a candidate’s knowledge of modern
networking. Answers range from “SYN, SYN/ACK, ACK,”, to a full description of ARP, to initial sequence number generation. It’s a good
springboard question, because then you can start talking about
spoofing addresses, port scanning, the significance of IPIDs, and more.
We are hiring a lot here at BreakingPoint, which means
I’m asking this question a lot. After the fourth or fifth interview, I
decided one morning to look over RFC 793 to make sure
that I really did know everything there is to know about the
handshake. That is when I found out that we’ve all been living a lie.
Read the full post, "TCP Portals: The Handshake’s A Lie“.
And once again thank you to all of our fantastic contributors to this blog and to the readers that continue to provide us with commentary and insight. Happy New Year.