| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.1003191026150.9778@netcore.fi> Date: Fri, 19 Mar 2010 10:28:45 +0200 (EET) From: Pekka Savola <pekkas@...core.fi> To: Eric Dumazet <eric.dumazet@...il.com> cc: Stephen Hemminger <shemminger@...tta.com>, David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH] tcp: Generalized TTL Security Mechanism On Fri, 19 Mar 2010, Eric Dumazet wrote: > This requires that any router in the path between the client and server > also respects the MINTTL when sending ICMP. Not sure how practical it > is... You're correct that with multihop GTSM, ICMP becomes trickier. I'm not sure how applicable GTSM is really in multihop scenarios, though. I would not recommend using it to secure e.g. with minttl=250 or something that uncontrollable. Your comment relates mainly to ICMP soft/hard errors which are not critical for correct operation. http://tools.ietf.org/html/draft-ietf-tcpm-icmp-attacks-11 discusses this. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists