Re: Other possible protection against RST/SYN attacks (was Re: T

Board: FB_security | Posted: 2004/04/22 14:01
Tillman Hodgson wrote:
> On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
>
>>Charles Swiger wrote:
>>
>>>The default TTL gets decremented with every hop, which means that a
>>>packet coming in with a TTL of 255 had to be sent by a directly
>>>connected system. [ip_ttl is an octet, so it can't hold a larger TTL
>>>value.]
>>
>>Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
>>number of hops, before being declared hopelessly lost.
>
>
> Exactly -- if you see an incoming packet with a TTL of 255, it must've
> originated on a directly connected system /or it would've already been
> decremented to 254 or lower/.

Ah, yes, of course. I thought the original poster was implying that
the packet could only exist on a direct connection, and wouldn't be
passed along to another hop if it had a TTL of 255. But I guess I just
got the wrong impression - sorry for the confusion.

In any event, it still seems like 255 is overkill for this application...

Gary
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
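The TTL reasoning quoted in the message above, as an added example that is not part of the original post or of FreeBSD's code: a constructed 20-byte IPv4 header is passed through simulated routers and then through a receiver that accepts only TTL 255. The function names and the 192.0.2.0/24 documentation addresses are assumptions made for illustration.

```python
import struct

REQUIRED_TTL = 255  # receiver accepts only packets that crossed zero routers


def checksum(header):
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, ttl):
    """Constructed minimal IPv4 header (no options, protocol 6 = TCP)."""
    addrs = bytes(int(o) for o in (src + "." + dst).split("."))
    # ip_ttl is packed as one octet ("B"), so a value above 255 is rejected.
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 40, 0, 0, ttl, 6, 0) + addrs
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def forward(header):
    """One router hop: drop at TTL <= 1, else decrement and re-checksum."""
    if header[8] <= 1:
        return None  # expired in transit
    hdr = header[:8] + bytes([header[8] - 1]) + header[9:10] + b"\0\0" + header[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def arrive(src, dst, ttl, hops):
    """Header as the receiver sees it after `hops` routers, or None if dropped."""
    hdr = build_header(src, dst, ttl)
    for _ in range(hops):
        if hdr is not None:
            hdr = forward(hdr)
    return hdr


def accept(header):
    """Receiver-side check from the thread: valid header and TTL still 255."""
    return header is not None and checksum(header) == 0 and header[8] == REQUIRED_TTL


if __name__ == "__main__":
    # (initial TTL, routers crossed) pairs, all constructed sample cases
    for ttl, hops in [(255, 0), (255, 1), (64, 0), (255, 255)]:
        hdr = arrive("192.0.2.1", "192.0.2.2", ttl, hops)
        seen = None if hdr is None else hdr[8]
        print(f"sent ttl={ttl} hops={hops} -> seen ttl={seen} accept={accept(hdr)}")
```

The `(64, 0)` case shows that a directly connected sender is also rejected unless it sets its outgoing TTL to 255, so both ends have to agree on the convention.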
Article code (AID): #10Xr-S00 (FB_security)