Other possible protection against RST/SYN attacks (was Re: TCP
RST attack
Gary Corcoran
garycor at comcast.net
Wed Apr 21 14:59:43 PDT 2004
Tillman Hodgson wrote:
> On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
>
>>Charles Swiger wrote:
>>
>>>The default TTL gets decremented with every hop, which means that a
>>>packet coming in with a TTL of 255 had to be sent by a directly
>>>connected system. [ip_ttl is an octet, so it can't hold a larger TTL
>>>value.]
>>
>>Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
>>number of hops, before being declared hopelessly lost.
>
>
> Exactly -- if you see an incoming packet with a TTL of 255, it must've
> originated on a directly connected system /or it would've already been
> decremented to 254 or lower/.
Ah, yes, of course. I thought the original poster was implying
that the packet could only exist on a direct connection, and
wouldn't be passed along to another hop if it had a TTL of 255.
But I guess I just got the wrong impression - sorry for the confusion.
In any event, it still seems like 255 is overkill for this application...
Gary
More information about the freebsd-security
mailing list