From: des@des.no (Dag-Erling Smørgrav)
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Date: Wed, 21 Apr 2004 23:01:36 +0200
Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack

Mike Tancsa writes:
> I am no IP expert, but I have been around long enough to know that
> these default values get set only after long arduous debates and often
> there are tradeoffs by raising or lowering a value. I guess I am
> trying to find that original debate to see what I might be in for by
> implementing this with my peers who request it.

I think the default ttl of 64 was an arbitrary choice. You would
probably be fine using 32, but any lower than that and you would start
having trouble crossing oceans.

DES
-- 
Dag-Erling Smørgrav - des@des.no