Date: Mon, 28 Jun 2004 07:49:45 -0700
From: Chris Wedgwood
To: Miquel van Smoorenburg
Cc: linux-kernel@vger.kernel.org
Subject: Re: TCP-RST Vulnerability - Doubt
Message-ID: <20040628144945.GB11481@taniwha.stupidest.org>
References: <40DC9B00@webster.usu.edu> <20040625150532.1a6d6e60.davem@redhat.com>

On Mon, Jun 28, 2004 at 01:22:37PM +0000, Miquel van Smoorenburg wrote:

> The "TTL hack" solution is safer. Make sure sender uses a TTL of
> 255, on the receiver discard all packets with a TTL < 255. You can
> use iptables to implement that on a Linux box.

Breaks with eBGP multi-hop so you have to adjust as required there.

--cw
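
The TTL check discussed in this message, with the multi-hop adjustment, as an added example that is not part of the original thread: a shell helper that prints (does not apply) iptables rules for one BGP peer. Assumptions: BGP on TCP port 179, IPv4, constructed peer addresses from documentation ranges, and the hypothetical helpers `min_ttl` and `ttl_rules`, where "routers" means the number of routers between the two speakers (0 for peers on the same link).

```shell
#!/bin/sh
# Added example: prints iptables rules for the TTL check; nothing is applied.
# Assumptions (not from the thread): BGP on TCP port 179, IPv4 peers, and
# ROUTERS = number of routers between the two speakers (0 = same link).

BGP_PORT=179

# min_ttl ROUTERS
# Lowest TTL a packet sent with TTL 255 can still carry after ROUTERS hops.
min_ttl() {
    case "$1" in
        ''|*[!0-9]*) echo "routers must be a non-negative integer" >&2; return 1 ;;
    esac
    [ "$1" -le 254 ] || { echo "routers out of range (0-254)" >&2; return 1; }
    echo $((255 - $1))
}

# ttl_rules PEER_IP ROUTERS
# Emits sender-side and receiver-side rules for one peer.
ttl_rules() {
    peer=$1
    min=$(min_ttl "$2") || return 1
    # Either side may open the TCP session, so cover both port directions.
    for port_opt in --dport --sport; do
        # Sender side: packets to the peer leave this host with TTL 255.
        echo "iptables -t mangle -A OUTPUT -p tcp -d $peer $port_opt $BGP_PORT -j TTL --ttl-set 255"
        # Receiver side: drop anything that crossed more routers than the
        # genuine path does. ROUTERS=0 gives the strict "TTL < 255" check;
        # each extra router allowed for multi-hop widens the set of hosts
        # whose packets can pass, so keep ROUTERS as small as the path allows.
        echo "iptables -A INPUT -p tcp -s $peer $port_opt $BGP_PORT -m ttl --ttl-lt $min -j DROP"
    done
}

# Constructed sample peers: one directly connected, one multi-hop session
# with two routers in between.
ttl_rules 192.0.2.1 0
ttl_rules 198.51.100.7 2
```

Both ends of the session need the sender-side rule (or a BGP daemon that already sends with TTL 255); otherwise the receiver-side rule drops the legitimate peer as well.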