[4628] in North American Network Operators' Group


Re: ideas for half-open sync flood fixs

daemon@ATHENA.MIT.EDU (Brian Murrell)
Fri Sep 20 13:18:48 1996

From: Brian Murrell <Brian_Murrell@bctel.net>
Date: Fri, 20 Sep 1996 10:02:02 -0700 (PDT)
To: peter@telescan.com
Cc: cert@cert.org, nanog@merit.edu
In-Reply-To: <199609201650.MAA10156@merit.edu>

from the quill of peter@telescan.com (Peter Cole) on scroll
<199609201650.MAA10156@merit.edu>
> fix 1.  Doesn't the network respond with an ICMP message to the attacked
> host telling it that the nonexistent host is unreachable?  The attacked
> host could close a half-open socket if it received an ICMP message with
> the corresponding host address and socket port data.

Ideally.  A lot of firewalls silently drop packets which don't get past the
security policy to make port scanning take much longer than it would if
ICMP's were sent back.  No resets, no ICMP unreachable.

b.


--
Brian J. Murrell                                        Brian_Murrell@bctel.net
BCTel Advanced Communications                                   brian@ilinx.com
Vancouver, B.C.                                                brian@wimsey.com
604 454 5279
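
The exchange above, as an added example that is not part of the original message or thread: a toy SYN backlog that frees a half-open entry when a matching ICMP unreachable arrives and otherwise holds it until a timer expires, which is the case the reply describes for firewalls that drop silently. The class and function names, the 75-second timer and the sample addresses are assumptions made for this sketch.

```python
from dataclasses import dataclass

SYN_RCVD_TIMEOUT = 75.0  # seconds a half-open entry may wait; assumed value

@dataclass(frozen=True)
class HalfOpen:
    peer_ip: str      # source address claimed in the SYN
    peer_port: int
    local_port: int

class SynBacklog:
    def __init__(self):
        self.entries = {}  # HalfOpen -> arrival time of the SYN

    def on_syn(self, peer_ip, peer_port, local_port, now):
        self.entries[HalfOpen(peer_ip, peer_port, local_port)] = now

    def on_icmp_unreachable(self, quoted_src_port, quoted_dst_ip, quoted_dst_port):
        # An ICMP error quotes the IP header and first 8 bytes of the packet
        # that triggered it. For our SYN-ACK that gives our port (source) and
        # the peer's address and port (destination). This sketch matches on
        # those fields only, as the quoted proposal describes.
        key = HalfOpen(quoted_dst_ip, quoted_dst_port, quoted_src_port)
        return self.entries.pop(key, None) is not None

    def expire(self, now):
        stale = [k for k, t in self.entries.items() if now - t >= SYN_RCVD_TIMEOUT]
        for k in stale:
            del self.entries[k]
        return len(stale)

def simulate():
    backlog = SynBacklog()
    # Constructed sample: two SYNs whose claimed sources do not exist
    # (documentation-range addresses).
    backlog.on_syn("192.0.2.10", 40000, 80, now=0.0)
    backlog.on_syn("198.51.100.7", 40001, 80, now=0.0)
    # Path 1: a router answers our SYN-ACK with host unreachable.
    reaped = backlog.on_icmp_unreachable(80, "192.0.2.10", 40000)
    # Path 2: a firewall drops the SYN-ACK silently, so nothing arrives and
    # the entry holds its slot until the timer fires.
    held_after_icmp = len(backlog.entries)
    expired_at_10s = backlog.expire(now=10.0)
    expired_at_timeout = backlog.expire(now=SYN_RCVD_TIMEOUT)
    return reaped, held_after_icmp, expired_at_10s, expired_at_timeout

if __name__ == "__main__":
    print(simulate())
```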
