RE: TCP RST attack (the cause of all that MD5-o-rama)

James wrote:
now the question is... would this also affect single-hop
bgp sessions? my understanding would be no, as single-hops
require ttl set to 1.

Simon Lockhart wrote:
All it requires is for the TTL to be 1 (or 0, I can't
remember which) when it's received. Just launch your
packets with a TTL of the number of hops between you
and the victim, and that's that bit sorted...

That's not the way I read it at all. The way I read it is that the TTL
of the packet has to be equal or _greater_ than 254 (or 255). Since you
can't set the TTL to a value greater than 255 when sending the forged
packet, it means that the spoofer sending a packet from 10 hops away
will have a TTL of 245 at most, and will be discarded. As nobody has
figured out how to prevent the TTL to be decremented by each of the hops
on the way, it works.