Other possible protection against RST/SYN attacks (was Re: TCP
RST attack
Tillman Hodgson
tillman at seekingfire.com
Wed Apr 21 14:44:46 PDT 2004
On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
> Charles Swiger wrote:
> >The default TTL gets decremented with every hop, which means that a
> >packet coming in with a TTL of 255 had to be sent by a directly
> >connected system. [ip_ttl is an octet, so it can't hold a larger TTL
> >value.]
>
> Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
> number of hops, before being declared hopelessly lost.
Exactly -- if you see an incoming packet with a TTL of 255, it must've
originated on a directly connected system /or it would've already been
decremented to 254 or lower/.
-T
--
"Beware of he who would deny you information, for in his heart he dreams
himself your master."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20040421/7d4f4110/attachment.bin
More information about the freebsd-security
mailing list