Discussion Flashcards
1
Q
(Not actually implemented) While this one-time cookie approach is more complex,
A
it may have the benefit of thwarting some amplification and resource exhaustion attacks.
2
Q
The server can avoid disabling TFO for all clients by
A
maintaining a small cache of recently received TFO connection requests from different client IP addresses.
3
Q
If the pending TFO requests from a particular client IP exceed the administratively set threshold,
A
the server can selectively disable TFO for just that client IP address.
4
Q
The server-side cache increases the number of valid cookies that the attacker must steal to disable TFO for everyone,
A
but does not completely eliminate the possibility.