From owner-freebsd-security@FreeBSD.ORG Wed Apr 21 15:03:30 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D26816A4CE for ; Wed, 21 Apr 2004 15:03:30 -0700 (PDT) Received: from a.mx.ict1.everquick.net (a.mx.ict1.everquick.net [67.67.61.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA3B143D55 for ; Wed, 21 Apr 2004 15:03:29 -0700 (PDT) (envelope-from eddy+public+spam@noc.everquick.net) Received: from a.mx.ict1.everquick.net (localhost [127.0.0.1]) i3LM3ZAk022128; Wed, 21 Apr 2004 22:03:35 GMT X-EverQuick-No-Abuse: Report any e-mail abuse to Received: from localhost (eddy@localhost)i3LM3YI2022125; Wed, 21 Apr 2004 22:03:34 GMT X-Authentication-Warning: a.mx.ict1.everquick.net: eddy owned process doing -bs Date: Wed, 21 Apr 2004 22:03:34 +0000 (GMT) From: "E.B. Dreger" X-X-Sender: eddy@a.mx.ict1.everquick.net To: Gary Corcoran In-Reply-To: <4086EED7.3070808@comcast.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2004 22:03:30 -0000 GC> Date: Wed, 21 Apr 2004 17:59:51 -0400 GC> From: Gary Corcoran GC> In any event, it still seems like 255 is overkill for this GC> application... It isn't. Say you assumed TTL 128 instead of 255; received packets should have a TTL of 127. If I'm eleven hops away instead of one, I'll select a TTL of 138 to have the desired effect. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.