Re: TCP-RST Vulnerability - Doubt

From: Chris Wedgwood
Date: Mon Jun 28 2004 - 09:51:22 EST

Next message: Jeff Moyer: "Re: netconsole hangs w/ alt-sysrq-t"
Previous message: Jörn Engel: "make foo/bar.o fails in untouched kernel trees"
In reply to: Miquel van Smoorenburg: "Re: TCP-RST Vulnerability - Doubt"
Next in thread: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 28, 2004 at 01:22:37PM +0000, Miquel van Smoorenburg wrote:

> The "TTL hack" solution is safer. Make sure sender uses a TTL of
> 255, on the receiver discard all packets with a TTL < 255. You can
> use iptables to implement that on a Linux box.

Breaks with eBGP multi-hop so you have to adjust as required there.

--cw
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Moyer: "Re: netconsole hangs w/ alt-sysrq-t"
Previous message: Jörn Engel: "make foo/bar.o fails in untouched kernel trees"
In reply to: Miquel van Smoorenburg: "Re: TCP-RST Vulnerability - Doubt"
Next in thread: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]