Hi

On Wed, Apr 21, 2004 at 08:32:32PM -0400, Mike Tancsa wrote:
> At 06:10 PM 21/04/2004, Gary Corcoran wrote:
>
> >>In any event, it still seems like a TTL of 255 is overkill for this
> >>application...
> >
> >Unless, of course, you want to only accept packets with TTL
> >of 255. This might be fine when both ends are set up to work
> >this way.
>
> Yes, but that's the whole point of it. By having the 2 BGP speakers *only*
> accept packets that have a TTL of 255, you are safe to bet it has not come
> across another router as no one has decremented the TTL value.
>

Just a comment on the topic:

How about if _accidentally_ the routers are configured with the following
option (or similar)?

# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.

If the packet has been generated with ttl == 255 it would arrive with
ttl == 255 to you after all, if all the routers are using this option!

Just a thought!

Rumen Telbizov
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
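The thread's argument (accept a BGP packet only if its TTL is still 255, so it cannot have crossed a router) and Rumen's caveat (a router built with IPSTEALTH forwards without decrementing TTL, so the check proves nothing about that hop) can both be shown with a small model. The following is an added example written for this page; it is not code from the thread, from FreeBSD, or from any BGP implementation. It parses the TTL out of a constructed raw IPv4 header, then walks a packet through a path of routers that are either normal (decrement TTL) or stealth (leave it alone), and applies the TTL == 255 acceptance rule at the far end. The `Packet`, `forward`, `traverse`, `accept` and `ttl_from_ipv4_header` names and the sample header bytes are all constructed for the example; the rule itself is the one later standardized as GTSM (RFC 5082).

```python
"""Toy model of the 'accept only TTL 255' check and the IPSTEALTH caveat.

Constructed example: nothing here is real router or BGP code.
"""
from dataclasses import dataclass, replace
import struct

EXPECTED_TTL = 255  # the value a directly connected peer's packet arrives with

# Constructed 20-byte IPv4 header: version 4 / IHL 5, TOS 0, total length 20,
# id 0, flags/fragment 0, TTL 255, protocol 6 (TCP), checksum 0 (not validated
# here), src 192.0.2.1, dst 192.0.2.2 (documentation addresses, RFC 5737).
SAMPLE_HEADER = struct.pack(
    "!BBHHHBBH4s4s",
    0x45, 0, 20, 0, 0, 255, 6, 0,
    bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),
)


def ttl_from_ipv4_header(raw: bytes) -> int:
    """Return the TTL field of a raw IPv4 header, with minimal sanity checks."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl = raw[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if (version_ihl & 0x0F) < 5:
        raise ValueError("invalid IHL")
    # TTL is byte 8 of the fixed header (offset after ver/IHL, TOS, len, id, flags).
    return raw[8]


@dataclass(frozen=True)
class Packet:
    src: str
    ttl: int


def forward(pkt: Packet, stealth: bool = False):
    """Model one router hop.

    A normal router decrements TTL and discards the packet when it would hit 0.
    A router running with the IPSTEALTH option forwards the packet unchanged,
    which is exactly the case the thread worries about.
    """
    if stealth:
        return pkt
    if pkt.ttl <= 1:
        return None  # TTL exceeded: dropped in transit
    return replace(pkt, ttl=pkt.ttl - 1)


def traverse(pkt: Packet, hops):
    """Walk the packet through a path; hops is a list of bools (True = stealth)."""
    for stealth in hops:
        pkt = forward(pkt, stealth)
        if pkt is None:
            return None
    return pkt


def accept(pkt) -> bool:
    """The receiving BGP speaker's rule: only TTL 255 is taken as 'from my peer'."""
    return pkt is not None and pkt.ttl == EXPECTED_TTL


def scenarios() -> dict:
    """Outcomes for the paths discussed in the thread (all constructed)."""
    origin = Packet("remote", 255)
    return {
        "direct peer, no routers": accept(traverse(origin, [])),
        "one normal router": accept(traverse(origin, [False])),
        "two stealth routers": accept(traverse(origin, [True, True])),
        "stealth then normal router": accept(traverse(origin, [True, False])),
    }


if __name__ == "__main__":
    print("TTL in sample header:", ttl_from_ipv4_header(SAMPLE_HEADER))
    for path, verdict in scenarios().items():
        print(f"{path:28s} -> {'accepted' if verdict else 'rejected'}")
```

The "two stealth routers" row is Rumen's point: the packet reaches the speaker with TTL 255 even though it crossed two hops, so the check alone does not prove adjacency when every router on the path skips the decrement. A single non-stealth hop anywhere on the path restores the intended rejection, which is why the caveat only bites when all intermediate routers are configured that way.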