From owner-freebsd-security@FreeBSD.ORG Wed Apr 21 15:10:21 2004
From: Gary Corcoran <garycor@comcast.net>
Date: Wed, 21 Apr 2004 18:10:30 -0400
To: Gary Corcoran, freebsd-security@freebsd.org
Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack
Message-ID: <4086F156.7040808@comcast.net>
In-Reply-To: <4086EED7.3070808@comcast.net>
References: <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2> <200404201332.40827.dr@kyx.net> <20040421111003.GB19640@lum.celabo.org> <6.0.3.0.0.20040421121715.04547510@209.112.4.2> <20040421165454.GB20049@lum.celabo.org> <6.0.3.0.0.20040421132605.0901bb40@209.112.4.2> <48FCF8AA-93CF-11D8-9C50-000393C94468@sarenet.es> <6.0.3.0.0.20040421161217.05453308@209.112.4.2> <75226E9B-93D3-11D8-90F9-003065ABFD92@mac.com> <4086E522.7090303@comcast.net> <20040421214445.GX476@seekingfire.com> <4086EED7.3070808@comcast.net>
List-Id: Security issues [members-only posting]

> In any event, it still seems like a TTL of 255 is overkill for this application...

Unless, of course, you want to only accept packets with TTL of 255. This might be fine when both ends are set up to work this way. But it might break general interoperability...

Gary
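The trade-off Gary describes, modelled as an added example that is not part of the thread or of FreeBSD's TCP stack: a receiver that accepts segments from an agreed set of peers only when they arrive with TTL 255. Because every router on the path decrements TTL, a segment that was injected from somewhere other than the directly attached peer cannot arrive with TTL 255, so a forged RST or SYN carrying that peer's address is dropped; but a genuine peer that was never configured to send with TTL 255 is dropped too, which is the interoperability cost. All packets are constructed in memory for the filter to inspect, nothing is sent, and the peer addresses and policy table are assumptions made up for the illustration.

```python
"""Added example: a TTL-255 acceptance filter for inbound TCP segments,
showing the protection against off-path forged RST/SYN segments and the
interoperability cost when a peer was not configured to send TTL 255.
Every packet here is hand-constructed; nothing is sent on a network."""
import struct
from ipaddress import IPv4Address

TCP_SYN, TCP_RST = 0x02, 0x04
IPPROTO_TCP = 6


def build_ipv4_tcp(src, dst, ttl, flags, sport=12345, dport=179):
    """Build a minimal IPv4 header + TCP header with no options.
    Checksums are left at zero: this filter only inspects TTL and flags."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl,
                     IPPROTO_TCP, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp


def parse(pkt):
    """Return (src, dst, ttl, proto, tcp_flags) from a raw IPv4 packet.
    tcp_flags is None when the payload is not TCP."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto = pkt[8], pkt[9]
    src = str(IPv4Address(pkt[12:16]))
    dst = str(IPv4Address(pkt[16:20]))
    flags = pkt[ihl + 13] if proto == IPPROTO_TCP else None
    return src, dst, ttl, proto, flags


def ttl_policy(pkt, strict_peers):
    """Accept or drop one segment.

    strict_peers is the set of peer addresses for which both ends agreed to
    send with TTL 255 and to accept only TTL 255 (the arrangement the post
    describes). Segments from any other peer are accepted whatever their TTL,
    so only the configured peers pay the interoperability cost."""
    src, _, ttl, proto, _flags = parse(pkt)
    if proto != IPPROTO_TCP:
        return "accept"          # not TCP: outside the scope of this filter
    if src in strict_peers and ttl != 255:
        return "drop"            # could not have come from the attached peer as configured
    return "accept"


def demo():
    """Run the filter over four constructed segments and return the verdicts."""
    me = "192.0.2.1"                      # assumed local address
    strict_peer = "192.0.2.2"             # assumed peer configured for TTL 255
    ordinary_peer = "198.51.100.7"        # assumed peer with no such agreement
    strict_peers = {strict_peer}

    cases = {
        # forged RST claiming to be from the strict peer; it crossed several
        # routers, so its TTL has been decremented below 255 on arrival
        "forged_rst_from_strict_peer": build_ipv4_tcp(strict_peer, me, 240, TCP_RST),
        # genuine RST from the strict peer, which sends with TTL 255
        "genuine_rst_from_strict_peer": build_ipv4_tcp(strict_peer, me, 255, TCP_RST),
        # SYN from an ordinary peer with a default TTL: accepted, no agreement
        "syn_from_ordinary_peer": build_ipv4_tcp(ordinary_peer, me, 64, TCP_SYN),
        # the interoperability break: the strict peer's side was never
        # configured to send TTL 255, so its legitimate SYN is dropped
        "syn_from_strict_peer_not_sending_255": build_ipv4_tcp(strict_peer, me, 64, TCP_SYN),
    }
    return {name: ttl_policy(pkt, strict_peers) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:40s} -> {verdict}")
```

The policy is keyed on the source address rather than applied globally so that the TTL requirement only binds peers that have actually agreed to it; applying `ttl != 255` to every inbound segment would drop all ordinary traffic, which is the "general interoperability" failure the post warns about.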