DECEMBER 31, 2009

2009 Blog Rewind: The Three-Way Handshake is a Lie!

As I close out my look at some of the most influential posts published here in 2009 I conclude with a post that garnered widespread industry recognition and sparked many discussions, Tod Beardsley's "TCP Portals: The Handshake's A Lie". The post, only published a month ago, drew thousands of readers and dozens of comments. More importantly it shed some light on a potentially damaging vulnerability:

Whenever I interview someone for an Application Engineer or Security Research position, my favorite introductory question is, "Can you describe for me the TCP three-way handshake?". It is a fine baseline question to understand a candidate's knowledge of modern networking. Answers range from "SYN, SYN/ACK, ACK,", to a full description of ARP, to initial sequence number generation. It's a good springboard question, because then you can start talking about spoofing addresses, port scanning, the significance of IPIDs, and more.

We are hiring a lot here at BreakingPoint, which means I'm asking this question a lot. After the fourth or fifth interview, I decided one morning to look over RFC 793 to make sure that I really did know everything there is to know about the handshake. That is when I found out that we've all been living a lie.

Read the full post, "TCP Portals: The Handshake's A Lie".

And once again thank you to all of our fantastic contributors to this blog and to the readers that continue to provide us with commentary and insight. Happy New Year.