David Miller wrote:
The idea is that the min_ttl is set very high, so that you'll only accept packets from hosts that started with a ttl of 255 and are within a hop or two from you. (therefore you'd set min_ttl to 254 or 253, something like that)
That's not a particularly good idea:

http://www.iana.org/assignments/ip-parameters

  IP TIME TO LIVE PARAMETER

  The current recommended default time to live (TTL) for the
  Internet Protocol (IP) is 64 [RFC791, RFC1122].

===

It always bugs me that things get incorrectly labeled "security", yet cannot secure anything. Security requires a secret.

Various folks tried all kinds of games with TTL for BGP, but the only thing that _actually_ provided security was MD5 authentication.
