I'm not defending the practice, I'm defending myself against the
practitioners. My email, etc., was being delayed because the site I
was sending to was trying to query my non-existent tcp/113 server, and
I was dropping SYNs. Now, I either send an immediate RST or use Erik
Fair's identd, depending on my mood.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
Hi, NANOGers.
] I'm not defending the practice, I'm defending myself against the
] practitioners.
Indeed. This can also be a problem during certain attack types,
particularly during TCP amplification attacks. No response means
that IP stacks send yet another SYN, then another, then another.
The number depends on the IP stack in use.
Thanks,
Rob.
Hi again, NANOGers.
] Indeed. This can also be a problem during certain attack types,
] particularly during TCP amplification attacks. No response means
] that IP stacks send yet another SYN, then another, then another.
] The number depends on the IP stack in use.
Of course what I meant was SYN|ACK, not SYN. 
/me reaches for more coffee.
Thanks,
Rob.