TCP packets with RST flag set but **not** ACK flag OK??
gtaylor at riverviewtech.net
Tue Apr 12 06:01:31 CEST 2005
> If I follow what you are saying here, the concern is the returning ICMP
> host unreachables may be used as part of a DoS. Is this correct?
Yes, you are following me there.
> If so, the concern is pretty minimal. Packet size is small, only 56
> bytes in size, so bandwidth utilization is small. Unsolicited ICMP
> errors are going to be quickly discarded by the receiving system, so it's
> not going to cause much of a CPU hit on the target. Unfortunately there
> are far too many other ways of performing a DoS that would be much more
> effective and efficient.
*nod* I'm not saying that it's one of the most efficient ways to DDoS someone, but I am saying that it is a way and some institutions politically decide that they would rather DROP packets than possibly participate in a DDoS against someone else.
> Ya, geek stuff is cool. :D
It has gotten me into trouble too. I tend to spend too much time working on geek stuff. Oh well, I had fun doing it.
Grant. . . .