Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack
From: Mike Tancsa (mike_at_sentex.net)
Date: 04/22/04
- Previous message: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Next in thread: Rumen Telbizov: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Reply: Rumen Telbizov: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Apr 2004 20:32:32 -0400 To: freebsd-security@freebsd.org
At 06:10 PM 21/04/2004, Gary Corcoran wrote:
>>In any event, it still seems like a TTL of 255 is overkill for this
>>application...
>
>Unless, of course, you want to only accept packets with TTL
>of 255. This might be fine when both ends are setup to work
>this way.
Yes, but thats the whole point of it. By having the 2 BGP speakers *only*
accept packets that have a TTL of 255, you are safe to bet it has not come
across another router as no one has decremented the TTL value.
---Mike
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Gary Corcoran: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Next in thread: Rumen Telbizov: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Reply: Rumen Telbizov: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
