From owner-freebsd-security@FreeBSD.ORG  Wed Apr 21 14:18:19 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2156016A4CE
	for <freebsd-security@freebsd.org>;
	Wed, 21 Apr 2004 14:18:19 -0700 (PDT)
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EF83643D45
	for <freebsd-security@freebsd.org>;
	Wed, 21 Apr 2004 14:18:18 -0700 (PDT)
	(envelope-from garycor@comcast.net)
Received: from comcast.net
	(pcp09118143pcs.union01.nj.comcast.net[69.142.234.88])
	by comcast.net (rwcrmhc13) with SMTP
	id <2004042121181701500q1fete>          (Authid: garycor);
	Wed, 21 Apr 2004 21:18:18 +0000
Message-ID: <4086E522.7090303@comcast.net>
Date: Wed, 21 Apr 2004 17:18:26 -0400
From: Gary Corcoran <garycor@comcast.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Charles Swiger <cswiger@mac.com>
References: <6.0.3.0.0.20040420125557.06b10d48@209.112.4.2>
	<xzp65buh5fa.fsf@dwp.des.no> <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2>
	<200404201332.40827.dr@kyx.net> <20040421111003.GB19640@lum.celabo.org>
	<6.0.3.0.0.20040421121715.04547510@209.112.4.2>
	<20040421165454.GB20049@lum.celabo.org>
	<6.0.3.0.0.20040421132605.0901bb40@209.112.4.2>
	<48FCF8AA-93CF-11D8-9C50-000393C94468@sarenet.es>
	<6.0.3.0.0.20040421161217.05453308@209.112.4.2>
	<75226E9B-93D3-11D8-90F9-003065ABFD92@mac.com>
In-Reply-To: <75226E9B-93D3-11D8-90F9-003065ABFD92@mac.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-security@freebsd.org
Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP
 RST attack
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2004 21:18:19 -0000

Charles Swiger wrote:

> On Apr 21, 2004, at 4:14 PM, Mike Tancsa wrote:
> 
>> What side effects if any are there?  Why is the default 64 and not 
>> some other number like 255...
> 
> 
> The default TTL gets decremented with every hop, which means that a 
> packet coming in with a TTL of 255 had to be sent by a directly 
> connected system.  [ip_ttl is an octet, so it can't hold a larger TTL 
> value.]

Huh?  255-- == 254, not 0.  A TTL of 255 just allows the maximum possible
number of hops, before being declared hopelessly lost.

> A packet with a TTL of 64 could have been many hops away.

As DES said in a later reply, 64 was probably just a reasonable,
but arbitrary value.  Whereas 255 would probably allow for several
trips around the world, and would be overkill.

Gary