Linux adds router denial-of-service prevention

Posted Mar 18, 2010 8:30 UTC (Thu) by sitaram (subscriber, #5959)
Parent article: Linux adds router denial-of-service prevention

> TTL spoofing is considered to be more-or-less impossible

I didn't understand that at first. A better way to put it (again, from the RFC) is "...a TTL (or Hop Limit) value of 255 is non-trivial to spoof".

That makes more sense. 255 is the hardest to spoof, because it means one of your immediate neighbours must be compromised. Smaller TTLs are progressively easier, since the set of routers (from which you need to compromise just one, to fake the TTL) grows in size.
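
The argument in the comment above can be made concrete with a small model. This is an added example, not part of the original comment or the RFC: it walks a constructed topology and lists which nodes could still deliver a packet that passes a minimum-TTL check. The topology, node names and function names are assumptions made for the illustration.

```python
from collections import deque

MAX_TTL = 255  # highest value the 8-bit TTL / Hop Limit field can hold

# Constructed topology (adjacency list). "victim" is the router applying the check.
TOPOLOGY = {
    "victim": ["r1", "r2"],
    "r1": ["victim", "r3", "r4"],
    "r2": ["victim", "r5"],
    "r3": ["r1", "r6"],
    "r4": ["r1"],
    "r5": ["r2", "r6"],
    "r6": ["r3", "r5", "r7"],
    "r7": ["r6"],
}

def hop_distances(topology, target):
    """Breadth-first search: number of links between each node and target."""
    dist = {target: 0}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for peer in topology[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist

def best_arrival_ttl(hops):
    """Highest TTL a sender `hops` links away can deliver.

    The sender starts at 255 and each of the (hops - 1) forwarding
    routers on the shortest path decrements the field by one.
    """
    return MAX_TTL - (hops - 1)

def can_pass(topology, target, min_ttl):
    """Nodes whose packets can still reach target with TTL >= min_ttl."""
    dist = hop_distances(topology, target)
    return sorted(n for n, h in dist.items()
                  if h >= 1 and best_arrival_ttl(h) >= min_ttl)

if __name__ == "__main__":
    for threshold in (255, 254, 253, 252):
        print(threshold, can_pass(TOPOLOGY, "victim", threshold))
```

With the threshold at 255 only the two directly connected nodes qualify; each step down in the threshold admits another ring of the topology.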

