Other possible protection against RST/SYN attacks (was Re: TCP
RST attack
Rumen Telbizov
altares at e-card.bg
Wed Apr 21 23:47:11 PDT 2004
Hi
On Wed, Apr 21, 2004 at 08:32:32PM -0400, Mike Tancsa wrote:
> At 06:10 PM 21/04/2004, Gary Corcoran wrote:
>
> >>In any event, it still seems like a TTL of 255 is overkill for this
> >>application...
> >
> >Unless, of course, you want to only accept packets with TTL
> >of 255. This might be fine when both ends are setup to work
> >this way.
>
> Yes, but thats the whole point of it. By having the 2 BGP speakers *only*
> accept packets that have a TTL of 255, you are safe to bet it has not come
> across another router as no one has decremented the TTL value.
>
Just a comment on the topic:
How about if _accidentally_ the routers are configured with the
following option (or similar)?
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.
If the packet has been generated with ttl == 255 it would
arrive with ttl == 255 to you after all, if all the routers
are using this option!
Just a thought!
Rumen Telbizov
More information about the freebsd-security
mailing list