Date: Thu, 22 Apr 2004 09:47:07 +0300 From: Rumen Telbizov <altares@e-card.bg> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack Message-ID: <20040422064707.GE8709@e-card.bg> In-Reply-To: <6.0.3.0.0.20040421202553.08107ad0@209.112.4.2> References: <20040421165454.GB20049@lum.celabo.org> <6.0.3.0.0.20040421132605.0901bb40@209.112.4.2> <48FCF8AA-93CF-11D8-9C50-000393C94468@sarenet.es> <6.0.3.0.0.20040421161217.05453308@209.112.4.2> <75226E9B-93D3-11D8-90F9-003065ABFD92@mac.com> <4086E522.7090303@comcast.net> <20040421214445.GX476@seekingfire.com> <4086EED7.3070808@comcast.net> <4086F156.7040808@comcast.net> <6.0.3.0.0.20040421202553.08107ad0@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi On Wed, Apr 21, 2004 at 08:32:32PM -0400, Mike Tancsa wrote: > At 06:10 PM 21/04/2004, Gary Corcoran wrote: > > >>In any event, it still seems like a TTL of 255 is overkill for this > >>application... > > > >Unless, of course, you want to only accept packets with TTL > >of 255. This might be fine when both ends are setup to work > >this way. > > Yes, but thats the whole point of it. By having the 2 BGP speakers *only* > accept packets that have a TTL of 255, you are safe to bet it has not come > across another router as no one has decremented the TTL value. > Just a comment on the topic: How about if _accidentally_ the routers are configured with the following option (or similar)? # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding # packets without touching the ttl). This can be useful to hide firewalls # from traceroute and similar tools. If the packet has been generated with ttl == 255 it would arrive with ttl == 255 to you after all, if all the routers are using this option! Just a thought! Rumen Telbizov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040422064707.GE8709>