ECN Problems

Problems with non-ECN-compatible equipment in the network: There are several (broken) deployed TCP implementations and routers that don't respond to SYN packets that use the ECN-related flags for negotiating ECN-capability.

A 2001 FreeBSD Security Advisory reported that the IP packet filtering facility ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection. As a result, on older versions of FreeBSD, remote attackers could take advantage of this to circumvent the firewall.
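The rule-matching flaw described in the advisory, as an added illustration (not FreeBSD's ipfw source and not code from this page): a model "established" predicate that wrongly counts ECE, beside one that looks only at ACK and RST. The function names, the model ruleset and the 20-byte headers are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits, byte 13 of the TCP header (RFC 793; ECE/CWR from RFC 3168). */
enum { TCP_SYN = 0x02, TCP_RST = 0x04, TCP_ACK = 0x10, TCP_ECE = 0x40, TCP_CWR = 0x80 };

/* Constructed 20-byte TCP headers: data offset 5 in byte 12, flags in byte 13. */
static const uint8_t PLAIN_SYN[20] = { [12] = 0x50, [13] = TCP_SYN };
static const uint8_t ECN_SYN[20]   = { [12] = 0x50, [13] = TCP_SYN | TCP_ECE | TCP_CWR };
static const uint8_t ECE_ACK[20]   = { [12] = 0x50, [13] = TCP_ACK | TCP_ECE };

typedef bool (*est_fn)(uint8_t flags);

/* Hypothetical model of the flaw: ECE alone marks a packet as "established". */
static bool established_flawed(uint8_t flags) {
    return (flags & (TCP_ACK | TCP_RST | TCP_ECE)) != 0;
}

/* Hardened: only ACK or RST identify a non-initial segment; ECN bits are ignored. */
static bool established_strict(uint8_t flags) {
    return (flags & (TCP_ACK | TCP_RST)) != 0;
}

/* Model ruleset "allow established, deny the rest"; short headers are denied. */
static bool filter_allows(const uint8_t *hdr, size_t len, est_fn est) {
    if (hdr == NULL || len < 20)
        return false;
    return est(hdr[13]);
}

int main(void) {
    const struct { const char *name; const uint8_t *hdr; } pkts[] = {
        { "plain SYN", PLAIN_SYN }, { "ECN-setup SYN", ECN_SYN }, { "ACK+ECE", ECE_ACK },
    };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("%-14s flawed=%d strict=%d\n", pkts[i].name,
               filter_allows(pkts[i].hdr, 20, established_flawed),
               filter_allows(pkts[i].hdr, 20, established_strict));
    return 0;
}
```

A filter regression suite should include an ECN-setup SYN (SYN with ECE and CWR) and assert that it is handled exactly like a plain SYN.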

Last modified: November 2002.