Other possible protection against RST/SYN attacks (was Re: TCP RST attack

Borja Marcos borjamar at sarenet.es
Wed Apr 21 13:20:28 PDT 2004


> Thanks, I realize that, especially with iBGP. However for directly 
> connected eBGP peers, the question still stands.
>
> What side effects if any are there?  Why is the default 64 and not 
> some  other number like 255... I am sure the answer is out there, I 
> just need to find the question so I can cram it into google ;-)

	I can only think that it is a reasonable default. With a ttl of 200, 
for example, a routing loop would waste a lot of bandwidth for each 
undeliverable packet.



	Borja.



More information about the freebsd-security mailing list