From owner-freebsd-security@FreeBSD.ORG Wed Apr 21 14:44:46 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 27E2316A4CE for ; Wed, 21 Apr 2004 14:44:46 -0700 (PDT) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC55743D4C for ; Wed, 21 Apr 2004 14:44:45 -0700 (PDT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 740AE58A; Wed, 21 Apr 2004 15:44:45 -0600 (CST) Date: Wed, 21 Apr 2004 15:44:45 -0600 From: Tillman Hodgson To: freebsd-security@freebsd.org Message-ID: <20040421214445.GX476@seekingfire.com> References: <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2> <200404201332.40827.dr@kyx.net> <20040421111003.GB19640@lum.celabo.org> <6.0.3.0.0.20040421121715.04547510@209.112.4.2> <20040421165454.GB20049@lum.celabo.org> <6.0.3.0.0.20040421132605.0901bb40@209.112.4.2> <48FCF8AA-93CF-11D8-9C50-000393C94468@sarenet.es> <6.0.3.0.0.20040421161217.05453308@209.112.4.2> <75226E9B-93D3-11D8-90F9-003065ABFD92@mac.com> <4086E522.7090303@comcast.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Wb5NtZlyOqqy58h0" Content-Disposition: inline In-Reply-To: <4086E522.7090303@comcast.net> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers User-Agent: Mutt/1.5.6i Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2004 21:44:46 -0000 --Wb5NtZlyOqqy58h0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote: > Charles Swiger wrote: > >The default TTL gets decremented with every hop, which means that a=20 > >packet coming in with a TTL of 255 had to be sent by a directly=20 > >connected system. [ip_ttl is an octet, so it can't hold a larger TTL=20 > >value.] >=20 > Huh? 255-- =3D=3D 254, not 0. A TTL of 255 just allows the maximum poss= ible > number of hops, before being declared hopelessly lost. Exactly -- if you see an incoming packet with a TTL of 255, it must've originated on a directly connected system /or it would've already been decremented to 254 or lower/. -T --=20 "Beware of he who would deny you information, for in his heart he dreams himself your master." --Wb5NtZlyOqqy58h0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAhutNDwp/vIKK/HsRAoN3AJ0aKDv4X5/wMIdY77mS8vzUnpKD8wCdHc7c ulf/IN+izwlMLk5BxDiDw40= =qlpc -----END PGP SIGNATURE----- --Wb5NtZlyOqqy58h0--