Other possible protection against RST/SYN attacks (was Re: TCP RST attack

E.B. Dreger eddy+public+spam at noc.everquick.net
Wed Apr 21 15:03:30 PDT 2004


GC> Date: Wed, 21 Apr 2004 17:59:51 -0400
GC> From: Gary Corcoran


GC> In any event, it still seems like 255 is overkill for this
GC> application...

It isn't.  Say you assumed TTL 128 instead of 255; received
packets should have a TTL of 127.  If I'm eleven hops away
instead of one, I'll select a TTL of 138 to have the desired
effect.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
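
Added example, not part of the original message: a small model of the receive-side TTL check discussed above, generalized from the 128 and 255 cases to any assumed sender TTL. It uses the message's own arithmetic (arrival TTL = initial TTL minus hops, legitimate peer one hop away); the function names and the sample distances are assumptions made for illustration.

```python
# Added illustration of the TTL check; arithmetic follows the message:
# arrival TTL = initial TTL - hops, legitimate peer assumed one hop away.
MAX_TTL = 255  # the IP TTL field is 8 bits wide


def arrival_ttl(initial_ttl, hops):
    """TTL the receiver sees, or None if the packet expires in transit."""
    if not 1 <= initial_ttl <= MAX_TTL:
        raise ValueError("TTL must fit the 8-bit field (1..255)")
    remaining = initial_ttl - hops
    return remaining if remaining > 0 else None


def accepts(assumed_initial, initial_ttl, hops, legit_hops=1):
    """Receiver check: accept only the arrival TTL a legitimate peer produces."""
    expected = assumed_initial - legit_hops
    return arrival_ttl(initial_ttl, hops) == expected


def passing_ttl(assumed_initial, hops, legit_hops=1):
    """Initial TTL a sender `hops` away must pick to pass, or None if
    the required value does not fit in the 8-bit field."""
    needed = assumed_initial - legit_hops + hops
    return needed if needed <= MAX_TTL else None


def farthest_passing_sender(assumed_initial, legit_hops=1):
    """Largest hop distance from which any initial TTL still passes."""
    return MAX_TTL - (assumed_initial - legit_hops)


if __name__ == "__main__":
    # Constructed sample distances, not measurements.
    for assumed in (64, 128, 255):
        reach = farthest_passing_sender(assumed)
        print(f"receiver assumes sender TTL {assumed}: "
              f"check passable from up to {reach} hop(s) away")
        for hops in (1, 11, 30):
            ttl = passing_ttl(assumed, hops)
            state = f"passes with initial TTL {ttl}" if ttl else "cannot pass"
            print(f"  sender {hops:2d} hop(s) away: {state}")
```

With an assumed TTL of 255 the farthest passing distance equals the legitimate peer's own distance, which is the property that makes the check useful; any lower assumed value leaves headroom that a more distant sender can fill.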



More information about the freebsd-security mailing list