TCP packets with RST flag set but **not** ACK flag OK??

Taylor Grant gtaylor at
Tue Apr 12 06:01:31 CEST 2005

> If I follow what you are saying here, the concern is the returning ICMP
> host unreachables may be used as part of a DoS. Is this correct? 

Yes, you are following me there.

> If so, the concern is pretty minimal. Packet size is small, only 56
> bytes in size, so bandwidth utilization is small. Unsolicited ICMP
> errors are going to be quickly discarded by the receiving system, so it's
> not going to cause much of a CPU hit on the target. Unfortunately there
> are far too many other ways of performing a DoS that would be much more
> effective and efficient. 

*nod* I'm not saying that it's one of the most efficient ways to DDoS someone, but I am saying that it is a way, and some institutions politically decide that they would rather DROP packets than possibly participate in a DDoS against someone else.

> Ya, geek stuff is cool. :D

It has gotten me into trouble too. I tend to spend too much time working on geek stuff. Oh well, I had fun doing it.

Grant. . . .
