From owner-freebsd-security@FreeBSD.ORG Wed Apr 21 14:41:32 2004
Date: Wed, 21 Apr 2004 14:41:26 -0700
From: Mike Benjamin
To: Kevin Stevens
cc: freebsd-security@freebsd.org
Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack)
Message-ID: <20040421214126.GA2503@disturbed.org>
References: <6.0.3.0.0.20040420125557.06b10d48@209.112.4.2> <6.0.3.0.0.20040421121715.04547510@209.112.4.2> <6.0.3.0.0.20040421132605.0901bb40@209.112.4.2> <6.0.3.0.0.20040421161217.05453308@209.112.4.2> <6.0.3.0.0.20040421163904.0738d960@209.112.4.2>
User-Agent: Mutt/1.4.1i

On Wed, Apr 21, 2004 at 02:16:31PM -0700, Kevin Stevens wrote:
:
: On Wed, 21 Apr 2004, Dag-Erling Smørgrav wrote:
:
: > Mike Tancsa writes:
: > I think the default ttl of 64 was an arbitrary choice. You would
: > probably be fine using 32, but any lower than that and you would start
: > having trouble crossing oceans.
:
: ?? Because of all the router buoys floating around??

Because hosts overseas tend to cross a greater distance, and packets
traveling greater distances tend to cross more routers. This is not the
rule, just a generalization. It is invalidated in some cases by MPLS LSPs
being configured not to decrement TTL, in others by the src and dst being
in the same ASN, and in still others by networks that have a limited
number of POPs, which creates huge distances without ever breaking out at
an L3 device. But the generalization is still correct in most cases. A
trace from my connection in the US to an arbitrary host in Finland gives
me 28 hops (across 4 ASNs).. that's awfully close to 32.

--mikeb

: KeS

--
Mike Benjamin = mikeb@mikeb.org
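As an added illustration (not part of the original mail or of FreeBSD's code): the TTL arithmetic behind the 64-vs-32 discussion, using the 28-hop US-to-Finland path from the message as constructed sample input, plus a simple check of whether a segment's TTL is consistent with the TTL a peer normally arrives with. The function names and the slack value are this example's own assumptions.

```python
from typing import Tuple

# Added example (not from the original mail): the TTL arithmetic behind the
# "64 vs 32" discussion. A host sends every packet with a fixed initial TTL
# (commonly 32, 64, 128 or 255); each router that decrements TTL lowers it
# by one, so the TTL seen on arrival says roughly how far away the sender is.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_hops(observed_ttl: int) -> Tuple[int, int]:
    """Guess the sender's initial TTL and the number of decrementing hops.

    Picks the smallest common initial TTL that is >= observed_ttl. The hop
    count is a lower bound: MPLS LSPs configured not to decrement TTL hide
    hops entirely, as the mail notes.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError("a delivered packet carries a TTL in 1..255")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def reaches(initial_ttl: int, hops: int) -> bool:
    """True if a packet sent with initial_ttl survives `hops` decrements.

    A router discards the packet once the decremented TTL hits zero, so
    the sender needs initial_ttl > hops.
    """
    return initial_ttl > hops


def ttl_consistent(expected_ttl: int, observed_ttl: int, slack: int = 2) -> bool:
    """True if a segment's TTL matches the TTL this peer normally arrives with.

    Paths shift a little, so allow a small slack (assumed value). A segment
    far outside it did not travel the peer's usual path, which is worth
    logging when the segment is an unsolicited RST.
    """
    return abs(expected_ttl - observed_ttl) <= slack


if __name__ == "__main__":
    # Constructed sample: the 28-hop US-to-Finland path from the mail.
    for initial in (32, 64):
        arrives = reaches(initial, 28)
        left = initial - 28 if arrives else 0
        print(f"initial TTL {initial}: arrives={arrives}, TTL on arrival={left}")
    print(infer_hops(36))  # peer on that path using the default 64
```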