lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jan 2010 07:38:28 -0500 From: William Allen Simpson <william.allen.simpson@...il.com> To: David Miller <davem@...emloft.net> CC: andi@...stfloor.org, shemminger@...tta.com, netdev@...r.kernel.org, linux-api@...r.kernel.org Subject: Re: [PATCH] tcp: Generalized TTL Security Mechanism David Miller wrote: > The idea is that the min_ttl is set very high, so that > you'll only accept packets from hosts that started with > a ttl of 255 and are within a hop or two from you. (therefore > you'd set min_ttl to 254 or 253, something like that) > That's not a particularly good idea: http://www.iana.org/assignments/ip-parameters IP TIME TO LIVE PARAMETER The current recommended default time to live (TTL) for the Internet Protocol (IP) is 64 [RFC791, RFC1122]. === It always bugs me that things get incorrectly labeled "security", yet cannot secure anything. Security requires a secret. Various folks tried all kinds of games with TTL for BGP, but the only thing that _actually_ provided security was MD5 authentication. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists