> [Denial of service possible by remote host putting multiple connections
> to a port into the SYN_RCVD state, thereby precluding further
> (legitimate) connection attempts.]

This is only the very beginning of this issue. Virtually every server around today runs code that has no timeouts on TCP connections. Without timeouts, the other person merely has to wait forever without responding and your server will tie up without end. Do it (5-1024) times and you stuff the service. This also works against most Proxies in firewalls, many Internet gateway services, ISP-provided services, etc.

You may also run into the too-many services provided per minute limit, run out of memory while two processes wait for each other to free up the memory they need to finish their task, have open files not shareable between two processes (thus causing a similar denial), and the list rolls on. As long as you're looking at one, you may as well look at the whole suite of problems that go along with it.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
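
Added example, not part of the original message: a sketch of the application-level timeouts the reply says servers lack, with a per-read idle timeout, an overall deadline per request, and a fixed cap on connections served at once. The line-based protocol, the names and the timeout values are assumptions for illustration; it does not address the kernel's SYN_RCVD queue from the quoted report.

```python
import socket
import threading
import time

IDLE_TIMEOUT = 0.5   # assumed: seconds a peer may stay silent between reads
TOTAL_BUDGET = 2.0   # assumed: seconds allowed for one whole request
MAX_CLIENTS = 4      # assumed: cap on connections served at once
slots = threading.BoundedSemaphore(MAX_CLIENTS)

def serve_one(conn):  # read one newline-terminated request, bounded in time
    buf, deadline = b"", time.monotonic() + TOTAL_BUDGET
    try:
        while not buf.endswith(b"\n"):
            remaining = deadline - time.monotonic()
            if remaining <= 0 or len(buf) > 4096:  # too slow or too large
                return "dropped"
            conn.settimeout(min(IDLE_TIMEOUT, remaining))
            chunk = conn.recv(1024)
            if not chunk: return "closed"
            buf += chunk
        conn.sendall(b"OK " + buf)
        return "served"
    except socket.timeout:  # peer went silent: free the slot, do not wait
        return "timeout"
    finally:
        conn.close()

def handle(conn):  # admit only while a slot is free; refuse instead of queuing
    if not slots.acquire(blocking=False):
        conn.close()
        return "refused"
    try:
        return serve_one(conn)
    finally:
        slots.release()

def demo():
    out = {}
    srv, silent = socket.socketpair()  # constructed peer that never sends
    start = time.monotonic()
    out["silent"] = handle(srv)
    out["waited"] = time.monotonic() - start
    silent.close()
    srv, client = socket.socketpair()  # constructed well-behaved peer
    client.sendall(b"hello\n")
    out["normal"] = handle(srv)
    out["reply"] = client.recv(64)
    client.close()
    return out
```

In a real server, handle() would run in a worker thread for each socket returned by accept(); the silent peer then costs one slot for at most IDLE_TIMEOUT seconds instead of indefinitely.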