From: William Allen Simpson <william.allen.simpson@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: andi@firstfloor.org, shemminger@vyatta.com,
netdev@vger.kernel.org, linux-api@vger.kernel.org
Subject: Re: [PATCH] tcp: Generalized TTL Security Mechanism
Date: Thu, 14 Jan 2010 07:38:28 -0500
Message-ID: <4B4F1044.8080500@gmail.com>
In-Reply-To: <20100114.032739.217960336.davem@davemloft.net>
David Miller wrote:
> The idea is that the min_ttl is set very high, so that
> you'll only accept packets from hosts that started with
> a ttl of 255 and are within a hop or two from you. (therefore
> you'd set min_ttl to 254 or 253, something like that)
>
That's not a particularly good idea:
http://www.iana.org/assignments/ip-parameters
IP TIME TO LIVE PARAMETER
The current recommended default time to live (TTL) for the Internet
Protocol (IP) is 64 [RFC791, RFC1122].
===
It always bugs me that things get incorrectly labeled "security", yet
cannot secure anything.
Security requires a secret.
Various folks tried all kinds of games with TTL for BGP, but the only
thing that _actually_ provided security was MD5 authentication.
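As an added illustration of the min_ttl check being debated in this thread (not code from the patch or from any poster), the following Python model applies the receiver-side threshold to constructed sample packets; the hop counts, initial TTLs and sender labels are assumptions chosen to show both the hop-distance filter against a far-off sender and the point about a peer that uses the default TTL of 64:

```python
# Added model of a GTSM-style min_ttl check (RFC 5082 style threshold).
# Not the kernel patch's code; packets below are constructed samples.
from dataclasses import dataclass

INITIAL_TTL_GTSM = 255     # a GTSM-aware peer sends with the maximum TTL
INITIAL_TTL_DEFAULT = 64   # IANA recommended default (RFC 791, RFC 1122)
TTL_FIELD_MAX = 255        # IPv4 TTL is an 8-bit field; nothing can exceed it


@dataclass(frozen=True)
class Packet:
    src: str          # constructed label for the sender
    initial_ttl: int  # TTL set by the sender
    hops: int         # routers traversed before reaching the receiver


def ttl_on_arrival(pkt: Packet) -> int:
    """TTL seen by the receiver: each router in the path decrements by one."""
    start = min(pkt.initial_ttl, TTL_FIELD_MAX)
    return max(start - pkt.hops, 0)


def accepted(pkt: Packet, min_ttl: int) -> bool:
    """The min_ttl check: drop any packet arriving below the threshold."""
    return ttl_on_arrival(pkt) >= min_ttl


def classify(packets, min_ttl: int) -> dict:
    """Map each sender label to True (accepted) or False (dropped)."""
    return {p.src: accepted(p, min_ttl) for p in packets}


# Constructed traffic as seen by a receiver that expects its peer at most
# one router away, so it sets min_ttl = 254 (255 minus one hop).
SAMPLE = [
    Packet("adjacent peer, TTL 255", INITIAL_TTL_GTSM, 0),
    Packet("peer one router away, TTL 255", INITIAL_TTL_GTSM, 1),
    Packet("distant sender, TTL 255", INITIAL_TTL_GTSM, 12),
    Packet("adjacent peer, default TTL 64", INITIAL_TTL_DEFAULT, 0),
]

if __name__ == "__main__":
    for src, ok in classify(SAMPLE, 254).items():
        print(f"{src:34s} -> {'accept' if ok else 'drop'}")
```

The last sample packet is the interoperability case raised above: a peer that keeps the default TTL of 64 is dropped even though it is directly attached, so the check only works when every peer is configured to send with 255.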