Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack

From: Rumen Telbizov (altares_at_e-card.bg)
Date: 04/22/04

  • Next message: Neo-Vortex: "Re: Other possible protection against RST/SYN attacks"
    Date: Thu, 22 Apr 2004 09:47:07 +0300
    To: Mike Tancsa <mike@sentex.net>
    
    

    Hi

    On Wed, Apr 21, 2004 at 08:32:32PM -0400, Mike Tancsa wrote:
    > At 06:10 PM 21/04/2004, Gary Corcoran wrote:
    >
    > >>In any event, it still seems like a TTL of 255 is overkill for this
    > >>application...
    > >
    > >Unless, of course, you want to only accept packets with TTL
    > >of 255. This might be fine when both ends are set up to work
    > >this way.
    >
    > Yes, but that's the whole point of it. By having the 2 BGP speakers *only*
    > accept packets that have a TTL of 255, you are safe to bet it has not come
    > across another router as no one has decremented the TTL value.
    >

    Just a comment on the topic:

    How about if _accidentally_ the routers are configured with the
    following option (or similar)?

    # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
    # packets without touching the ttl). This can be useful to hide firewalls
    # from traceroute and similar tools.

    If the packet has been generated with ttl == 255, it would
    arrive with ttl == 255 to you after all, if all the routers
    are using this option!

    Just a thought!

    Rumen Telbizov
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
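The TTL-255 acceptance check Mike describes and the IPSTEALTH caveat Rumen raises, modelled as an added Python example (not code from this thread or from FreeBSD): a normal hop decrements TTL, a stealth hop does not, and the receiver only accepts TTL 255. The `Hop`, `forward` and `gtsm_accept` names and the sample paths are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import List

# Both BGP speakers send with TTL 255 and accept nothing else (the scheme in the thread).
GTSM_EXPECTED_TTL = 255


@dataclass
class Hop:
    name: str
    stealth: bool = False  # True models a router forwarding without touching the TTL (IPSTEALTH-like)


def forward(ttl: int, path: List[Hop]) -> int:
    """Return the TTL a packet sent with `ttl` carries after traversing `path`.

    A normal router decrements the TTL by one and discards the packet when it
    reaches zero; a stealth router passes it through with the TTL unchanged.
    """
    for hop in path:
        if hop.stealth:
            continue
        ttl -= 1
        if ttl <= 0:
            raise ValueError(f"TTL expired at {hop.name}")
    return ttl


def gtsm_accept(ttl: int, expected: int = GTSM_EXPECTED_TTL) -> bool:
    """Receive-side check: accept only packets whose TTL is still the expected value."""
    return ttl == expected


def peer_accepts(path: List[Hop]) -> bool:
    """Does a packet sent with TTL 255 across `path` pass the receiver's check?"""
    return gtsm_accept(forward(GTSM_EXPECTED_TTL, path))


# Constructed sample paths (hypothetical topologies, not from the thread):
DIRECT_LINK: List[Hop] = []                         # the two speakers share a link
VIA_NORMAL_ROUTER = [Hop("r1")]                    # one ordinary router in between
VIA_STEALTH_ROUTER = [Hop("fw1", stealth=True)]    # one stealth-forwarding box in between

if __name__ == "__main__":
    for label, path in (("direct", DIRECT_LINK), ("normal", VIA_NORMAL_ROUTER), ("stealth", VIA_STEALTH_ROUTER)):
        print(f"{label:8s} arrives ttl={forward(GTSM_EXPECTED_TTL, path)} accepted={peer_accepts(path)}")
```

The third case is Rumen's point: the packet crossed a router, yet the TTL check cannot tell, so the check only holds when every intermediate device actually decrements.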

