Date: Wed, 21 Apr 2004 14:41:26 -0700 From: Mike Benjamin <mikeb@mikeb.org> To: Kevin Stevens <Kevin_Stevens@pursued-with.net> Cc: freebsd-security@freebsd.org Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack Message-ID: <20040421214126.GA2503@disturbed.org> In-Reply-To: <Pine.OSX.4.58.0404211413220.19097@onorysvfu.ybpny> References: <6.0.3.0.0.20040420125557.06b10d48@209.112.4.2> <6.0.3.0.0.20040421121715.04547510@209.112.4.2> <6.0.3.0.0.20040421132605.0901bb40@209.112.4.2> <6.0.3.0.0.20040421161217.05453308@209.112.4.2> <6.0.3.0.0.20040421163904.0738d960@209.112.4.2> <xzp4qrdoxjj.fsf@dwp.des.no> <Pine.OSX.4.58.0404211413220.19097@onorysvfu.ybpny>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 21, 2004 at 02:16:31PM -0700, Kevin Stevens wrote: : : On Wed, 21 Apr 2004, [iso-8859-1] Dag-Erling Smørgrav wrote: : : > Mike Tancsa <mike@sentex.net> writes: : > I think the default ttl of 64 was an arbitrary choice. You would : > probably be fine using 32, but any lower than that and you would start : > having trouble crossing oceans. : : ?? Because of all the router buoys floating around?? Because hosts overseas tend to cross a greater distance, and packets traveling greater distances tend to cross more routers. This is not the rule, just a generalization. It is invalidated in some cases by MPLS LSPs being configured not to decrement TTL, and in others by the src and dst being in the same ASN, and even others who have a limited number of POPs which creates huge distances without ever breaking out at a l3 device. But, the generalization is still correct in most cases. A trace from my connection in the US to an arbitrary host in Finland gives me 28 hops (across 4 ASNs).. that's awfully close to 32. --mikeb : KeS : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Mike Benjamin = mikeb@mikeb.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040421214126.GA2503>