Message-ID: <alpine.LRH.2.00.1003180833420.24946@netcore.fi>
Date: Thu, 18 Mar 2010 08:36:48 +0200 (EET)
From: Pekka Savola <pekkas@...core.fi>
To: Stephen Hemminger <shemminger@...tta.com>
cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] tcp: Generalized TTL Security Mechanism
Hi,
On Sun, 10 Jan 2010, Stephen Hemminger wrote:
> This patch adds the kernel portions needed to implement
> RFC 5082 Generalized TTL Security Mechanism (GTSM).
> It is a lightweight security measure against forged
> packets causing DoS attacks (for BGP).
...
It's nice to see this added. However, I must add that a compliant RFC
5082 implementation is required to have similar TTL treatment for ICMP
errors which relate to the protected session. AFAIK this does not
support that.

The experimental, earlier spec (GTSH, RFC3682) did not have this
requirement. Most if not all implementations support only GTSH mode.
So a backward-compatibility option may be desirable.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
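
The ICMP point raised in the message above, as an added userspace sketch that is not part of the original e-mail or of the kernel patch: an ICMP error is tied to a protected TCP session through the IPv4/TCP header it quotes, and the same minimum-TTL test is then applied to the outer header. The struct, enum and function names are hypothetical, the sample addresses and ports are constructed, and a directly connected peer (minimum TTL 255) is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical record for one GTSM-protected TCP session (not a kernel struct). */
struct gtsm_session {
    uint8_t  local_ip[4], peer_ip[4];
    uint16_t local_port, peer_port;
    uint8_t  min_ttl;                 /* 255 when the peer is directly connected */
};
enum gtsm_verdict { GTSM_UNRELATED, GTSM_ACCEPT, GTSM_DROP };

/* pkt/len: a received IPv4 packet. Returns UNRELATED unless it is an ICMP
 * error quoting a TCP segment that we sent on session s. */
enum gtsm_verdict gtsm_check_icmp_error(const struct gtsm_session *s,
                                        const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 1) return GTSM_UNRELATED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 + 20) return GTSM_UNRELATED;
    uint8_t type = pkt[ihl];          /* ICMP error types only */
    if (type != 3 && type != 4 && type != 5 && type != 11 && type != 12)
        return GTSM_UNRELATED;
    const uint8_t *in = pkt + ihl + 8;          /* quoted IPv4 header */
    size_t in_len = len - ihl - 8, in_ihl = (size_t)(in[0] & 0x0f) * 4;
    if ((in[0] >> 4) != 4 || in[9] != 6 || in_ihl < 20 || in_len < in_ihl + 4)
        return GTSM_UNRELATED;
    uint16_t sport = (uint16_t)((in[in_ihl] << 8) | in[in_ihl + 1]);
    uint16_t dport = (uint16_t)((in[in_ihl + 2] << 8) | in[in_ihl + 3]);
    if (memcmp(in + 12, s->local_ip, 4) || memcmp(in + 16, s->peer_ip, 4) ||
        sport != s->local_port || dport != s->peer_port)
        return GTSM_UNRELATED;
    /* Same rule as for the session's own segments: outer TTL must be in range. */
    return pkt[8] >= s->min_ttl ? GTSM_ACCEPT : GTSM_DROP;
}

/* Constructed sample: session 192.0.2.1:40000 -> 192.0.2.2:179 and an ICMP
 * host-unreachable quoting one of its segments. */
static const struct gtsm_session SAMPLE = {{192,0,2,1}, {192,0,2,2}, 40000, 179, 255};

enum gtsm_verdict sample_verdict(uint8_t outer_ttl, uint16_t quoted_sport)
{
    uint8_t b[56] = {0};
    b[0] = 0x45; b[8] = outer_ttl; b[9] = 1;    /* outer IPv4, protocol ICMP */
    b[20] = 3; b[21] = 1;                       /* type 3, code 1 */
    b[28] = 0x45; b[37] = 6;                    /* quoted IPv4, protocol TCP */
    memcpy(b + 40, SAMPLE.local_ip, 4); memcpy(b + 44, SAMPLE.peer_ip, 4);
    b[48] = (uint8_t)(quoted_sport >> 8); b[49] = (uint8_t)quoted_sport;
    b[50] = 0; b[51] = 179;
    return gtsm_check_icmp_error(&SAMPLE, b, sizeof b);
}
```

An ICMP error that quotes the session but arrives with a lower outer TTL is dropped; one that quotes a different port pair is left to the normal ICMP path.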