From: Chris Brenton <cbrenton@chrisbrenton.org>
To: gtaylor@riverviewtech.net
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: TCP packets with RST flag set but **not** ACK flag OK??
Date: Tue, 12 Apr 2005 00:06:59 -0400	[thread overview]
Message-ID: <1113278818.2151.87.camel@grendel> (raw)
In-Reply-To: <425B3354.2030807@riverviewtech.net>

On Mon, 2005-04-11 at 22:32, Grant Taylor wrote:
>
> One reason that some institutions decide to DROP versus REJECT is so that someone can not spoof their source IP while performing some sort of attack

I don't think I quite follow what you are saying. I'm not sure how using
drop or reject would have any effect on someone's ability to use your
address space as the source IP in a spoofed packet.

> the institution's system expecting the REJECT to go to the spoofed source IP thus becoming part of what I think is considered a reflected attack.

If I follow what you are saying here, the concern is the returning ICMP
host unreachables may be used as part of a DoS. Is this correct? 

If so, the concern is pretty minimal. Packet size is small, only 56
bytes in size, so bandwidth utilization is small. Unsolicited ICMP
errors are going to be quickly discarded by the receiving system, so it's
not going to cause much of a CPU hit on the target. Unfortunately there
are far too many other ways of performing a DoS that would be much more
effective and efficient.

> These issues and many more like them are some of the things that I would like to spend some more time reading about and gaining a better understanding

Ya, geek stuff is cool. :D

Chris
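The reflection question above can be checked numerically. The following is an added example, not code from the thread: it builds the ICMP host-unreachable error that a netfilter REJECT rule returns for a spoofed TCP SYN, confirms the 56-byte size quoted in the reply, and computes how many bytes the spoofed victim receives per byte the attacker sent. The IP addresses and ports are constructed for the example.

```python
# Added example: size and direction of the ICMP error a REJECT rule reflects.
import struct
import socket

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); data is zero-padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def tcp_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Bare 40-byte TCP SYN (20-byte IP + 20-byte TCP, no options).
    The TCP checksum is left zero; only the packet layout matters here."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ipv4_header(src, dst, 6, len(tcp)) + tcp

def icmp_host_unreachable(reflector: str, offending: bytes) -> bytes:
    """ICMP type 3 code 1 as sent by REJECT --reject-with icmp-host-unreachable:
    8-byte ICMP header + the offending IP header + first 8 bytes of its payload,
    addressed to whatever source IP the offending packet claimed."""
    claimed_src = socket.inet_ntoa(offending[12:16])
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + offending[:20 + 8]
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return ipv4_header(reflector, claimed_src, 1, len(icmp)) + icmp

def reflection_ratio(sent: bytes, reflected: bytes) -> float:
    """Bytes delivered to the spoofed address per byte the sender emitted."""
    return len(reflected) / len(sent)

if __name__ == "__main__":
    # Constructed addresses: 192.0.2.10 is the spoofed victim, 198.51.100.1 the rejecting host.
    syn = tcp_syn("192.0.2.10", "198.51.100.1", 40000, 22)
    err = icmp_host_unreachable("198.51.100.1", syn)
    print(len(syn), "byte SYN ->", len(err), "byte ICMP error, ratio",
          reflection_ratio(syn, err))
```

The error is 56 bytes of IP payload for a 40-byte SYN, a ratio of 1.4, which is why the reply calls the reflection concern minimal.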



