nanog mailing list archives
Re: ideas for half-open sync flood fixs
From: Brian Murrell <Brian_Murrell () bctel net>
Date: Fri, 20 Sep 1996 10:02:02 -0700 (PDT)
from the quill of peter () telescan com (Peter Cole) on scroll <199609201650.MAA10156 () merit edu>
fix 1. Doesn't the network respond with ICMP message to the attacked host telling it that the nonexistent host is unreachable. The attacked host could close a half open socket if it received a ICMP message with the corresponding host address and socket port data.
Ideally. A lot of firewalls silently drop packets which don't get past the security policy to make port scanning take much longer than it would if ICMP's were sent back. No resets, no ICMP unreachable. b. -- Brian J. Murrell Brian_Murrell () bctel net BCTel Advanced Communications brian () ilinx com Vancouver, B.C. brian () wimsey com 604 454 5279 - - - - - - - - - - - - - - - - -
Current thread:
- ideas for half-open sync flood fixs Peter Cole (Sep 20)
- Re: ideas for half-open sync flood fixs Brian Murrell (Sep 20)