ideas for half-open sync flood fixes

Brian Murrell Brian_Murrell at bctel.net
Fri Sep 20 17:02:02 UTC 1996


from the quill of peter at telescan.com (Peter Cole) on scroll
<199609201650.MAA10156 at merit.edu>
> fix 1.  Doesn't the network respond with an ICMP message to the attacked
> host telling it that the nonexistent host is unreachable?  The attacked
> host could close a half-open socket if it received an ICMP message with
> the corresponding host address and socket port data.

Ideally.  A lot of firewalls silently drop packets which don't get past the
security policy to make port scanning take much longer than it would if
ICMPs were sent back.  No resets, no ICMP unreachable.

b.


--
Brian J. Murrell                                        Brian_Murrell at bctel.net
BCTel Advanced Communications                                   brian at ilinx.com
Vancouver, B.C.                                                brian at wimsey.com
604 454 5279
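The mechanism Peter proposes (release a half-open entry when an ICMP unreachable quotes its address and port) and the caveat Brian raises (a silent drop sends nothing, so only a timer reclaims the slot), as an added Python model that is not code from the original post or from any NANOG contributor; the table, backlog limit, timeout, addresses and the demo flood are all constructed.

```python
from dataclasses import dataclass, field

BACKLOG_LIMIT = 4         # constructed: tiny backlog so a flood shows quickly
HALF_OPEN_TIMEOUT = 75.0  # constructed: seconds a SYN_RECEIVED entry may wait

@dataclass
class HalfOpenTable:
    """Toy model of a listening socket's SYN_RECEIVED queue (hypothetical)."""
    limit: int = BACKLOG_LIMIT
    timeout: float = HALF_OPEN_TIMEOUT
    pending: dict = field(default_factory=dict)  # (peer_ip, peer_port) -> arrival time

    def on_syn(self, peer_ip, peer_port, now):
        """A SYN arrives: queue a half-open entry, or refuse when the queue is full."""
        self.expire(now)
        if len(self.pending) >= self.limit:
            return False                      # backlog exhausted: SYN is dropped
        self.pending[(peer_ip, peer_port)] = now
        return True

    def on_icmp_unreachable(self, quoted_dst_ip, quoted_dst_port):
        """Fix 1 from the thread: an ICMP unreachable quotes the IP header and
        first bytes of the undeliverable SYN-ACK, so its destination address and
        port identify the spoofed peer. Release the entry only if both match."""
        return self.pending.pop((quoted_dst_ip, quoted_dst_port), None) is not None

    def expire(self, now):
        """Silent-drop case: no ICMP and no RST ever come, so only the timer
        reclaims the slot. Returns how many entries were reclaimed."""
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

def demo():
    """Constructed flood of SYNs from unreachable (spoofed) peers."""
    table = HalfOpenTable()
    for i in range(4):                        # four spoofed peers fill the queue
        table.on_syn(f"10.0.0.{i + 1}", 40000 + i, now=0.0)
    refused = not table.on_syn("10.0.0.9", 50000, now=1.0)   # legitimate SYN lost
    freed = table.on_icmp_unreachable("10.0.0.2", 40001)     # a router did reply
    ignored = not table.on_icmp_unreachable("10.0.0.3", 1)   # port mismatch: keep
    accepted = table.on_syn("10.0.0.9", 50000, now=2.0)      # freed slot reused
    reclaimed = table.expire(now=76.0)        # the rest only leave via the timer
    return refused, freed, ignored, accepted, reclaimed
```

The demo returns `(True, True, True, True, 3)`: one slot is freed early by the ICMP, the three silently dropped peers hold their slots until the timeout fires.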