2 Oct 1996, 5:32 p.m.
Tim Bass writes:
[...]
Because, it seems to me, since the way to exploit TCP is to use bogus, unreachable IP sources, why not use this fact to let the kernel just filter itself under certain flooding conditions?
Please let me know why this will not work.
Thanks,
Tim
It will, except that a slight modification of the attack (using IP addresses that _don't_ produce ICMP_UNREACH) will get us back to square one. Anyway, filtering packets with SRC addresses known to generate ICMP_UNREACH at the earliest possible stage might be a good idea.
Dima
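
The filter discussed in this exchange, sketched as an added example that is not part of the original thread or of any kernel's code: sources that recently caused an ICMP unreachable are dropped before connection state is allocated, and a source that never produces one passes unchanged. All names, the table size and the timeout are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names and constants; not taken from any real TCP stack. */
#define UNREACH_SLOTS 256   /* table size (assumed) */
#define UNREACH_TTL   60    /* seconds an entry stays valid (assumed) */

struct unreach_entry { uint32_t addr; uint32_t expires; int used; };
static struct unreach_entry unreach_tab[UNREACH_SLOTS];

static unsigned slot_of(uint32_t addr)
{
    return (addr ^ (addr >> 16) ^ (addr >> 8)) % UNREACH_SLOTS;
}

/* Clear the table (start of day, or when flooding conditions end). */
void unreach_reset(void)
{
    memset(unreach_tab, 0, sizeof unreach_tab);
}

/* Call when an ICMP unreachable arrives for a SYN-ACK we sent to addr. */
void unreach_note(uint32_t addr, uint32_t now)
{
    struct unreach_entry *e = &unreach_tab[slot_of(addr)];
    e->addr = addr;                 /* direct-mapped: a collision overwrites */
    e->expires = now + UNREACH_TTL;
    e->used = 1;
}

/* Call for each incoming SYN before any connection state is allocated.
 * Returns 1 to accept the SYN, 0 to drop it. */
int syn_accept(uint32_t src, uint32_t now)
{
    struct unreach_entry *e = &unreach_tab[slot_of(src)];
    if (e->used && e->addr == src) {
        if (now < e->expires)
            return 0;               /* source recently proved unreachable */
        e->used = 0;                /* aged out: the route may have recovered */
    }
    return 1;                       /* no ICMP seen for this source: passes */
}
```

The expiry keeps a host that was only briefly unreachable from being filtered indefinitely.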