Other possible protection against RST/SYN attacks (was Re:
TCP RST attack
Mike Tancsa
mike at sentex.net
Wed Apr 21 17:30:55 PDT 2004
At 06:10 PM 21/04/2004, Gary Corcoran wrote:
>>In any event, it still seems like a TTL of 255 is overkill for this
>>application...
>
>Unless, of course, you want to only accept packets with TTL
>of 255. This might be fine when both ends are setup to work
>this way.
Yes, but thats the whole point of it. By having the 2 BGP speakers *only*
accept packets that have a TTL of 255, you are safe to bet it has not come
across another router as no one has decremented the TTL value.
---Mike
More information about the freebsd-security
mailing list