Re: Other possible protection against RST/SYN attacks (was Re: T

Board: FB_security, posted 2004/04/22 22:49
Hi

On Wed, Apr 21, 2004 at 08:32:32PM -0400, Mike Tancsa wrote:
> At 06:10 PM 21/04/2004, Gary Corcoran wrote:
>
> >>In any event, it still seems like a TTL of 255 is overkill for this
> >>application...
> >
> >Unless, of course, you want to only accept packets with TTL
> >of 255. This might be fine when both ends are set up to work
> >this way.
>
> Yes, but that's the whole point of it. By having the 2 BGP speakers *only*
> accept packets that have a TTL of 255, you are safe to bet it has not come
> across another router as no one has decremented the TTL value.
>

Just a comment on the topic:
How about if _accidentally_ the routers are configured with the
following option (or similar)?

    # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
    # packets without touching the ttl). This can be useful to hide firewalls
    # from traceroute and similar tools.

If the packet has been generated with ttl == 255 it would arrive
with ttl == 255 to you after all, if all the routers are using this option!

Just a thought!

Rumen Telbizov
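Added example, not part of the original post: a small model of the TTL == 255 acceptance check from the thread, showing that it only proves "no router in between" when every hop on the path decrements the TTL. The router names and paths are constructed sample data, and the Router class and function names are hypothetical.

```python
# Model of the "accept only TTL == 255" check discussed in the thread.
# Router names and paths below are constructed sample data.
from dataclasses import dataclass
from typing import List, Optional

REQUIRED_TTL = 255  # value both BGP speakers send and require


@dataclass(frozen=True)
class Router:
    name: str
    stealth: bool = False  # True models IPSTEALTH-style forwarding (TTL untouched)


def forward(ttl: int, path: List[Router]) -> Optional[int]:
    """Return the TTL the receiver sees, or None if the packet expired."""
    for hop in path:
        if hop.stealth:
            continue      # stealth forwarding leaves the TTL as it was
        if ttl <= 1:
            return None   # a normal router drops the packet here
        ttl -= 1
    return ttl


def accepted(arrival_ttl: Optional[int]) -> bool:
    """Receiver-side check: only a packet still at TTL 255 passes."""
    return arrival_ttl == REQUIRED_TTL


def hops_to_audit(path: List[Router]) -> List[str]:
    """Routers that do not decrement, i.e. the ones that weaken the check."""
    return [r.name for r in path if r.stealth]


PATHS = {
    "directly connected peer": [],
    "3 normal routers": [Router("r1"), Router("r2"), Router("r3")],
    "3 stealth routers": [Router("s1", True), Router("s2", True), Router("s3", True)],
    "2 stealth + 1 normal": [Router("s1", True), Router("r2"), Router("s3", True)],
}

if __name__ == "__main__":
    for label, path in PATHS.items():
        ttl = forward(REQUIRED_TTL, path)
        print(f"{label:26} arrives ttl={ttl} accepted={accepted(ttl)} "
              f"audit={hops_to_audit(path)}")
```

A single decrementing router anywhere on the path is enough for the check to reject the packet; it is only the all-stealth path that arrives looking like an on-link neighbour.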