Other possible protection against RST/SYN attacks (was Re:
TCP RST attack
Mike Tancsa
mike at sentex.net
Wed Apr 21 13:41:56 PDT 2004
At 04:35 PM 21/04/2004, Charles Swiger wrote:
>On Apr 21, 2004, at 4:14 PM, Mike Tancsa wrote:
>>What side effects if any are there? Why is the default 64 and not some
>>other number like 255...
>
>The default TTL gets decremented with every hop, which means that a packet
>coming in with a TTL of 255 had to be sent by a directly connected
>system. [ip_ttl is an octet, so it can't hold a larger TTL value.] A
>packet with a TTL of 64 could have been many hops away.
Thanks, I realize that. My question is, what unintended consequences might
happen if the default is changed to 255 from 64. As one poster said, if a
packet generated by that host had a ttl of 255, it would bounce around a
lot more if it was trying to reach a host with a bad route somewhere.
I am no IP expert, but I have been around long enough to know that these
default values get set only after long arduous debates and often there are
tradeoffs by raising or lowering a value. I guess I am trying to find that
original debate to see what I might be in for by implementing this with my
peers who request it.
---Mike
More information about the freebsd-security
mailing list