Re: Hacked - is it my turn? - interesting
* Quoting Phillip Hofmeister (plhofmei@zionlth.org):
>
> As mentioned before, it is a port-scanner. Anyhow, TCP-Resets can turn
Ack.
> an asymmetric DoS attack/flood (one-way) into a symmetric DoS/flood
> because now your host is generating traffic by replying to these
> otherwise useless packets. You could set a limit rule on sending a
A DoS attack is a different scenario than a port
scan. In a normal situation you create more load
because of the TCP-retransmission.
> TCP-Reset..I know. I am not one that enjoys people breaking RFCs, but
> in this case it does make *some* sense. If someone is randomly port
> scanning class C's and they hit your IP, get no response from an ICMP
> (1) echo-request (8) and then try a few ports and get no TCP-Resets,
> they are likely to think you are a dead IP[1].
You would get an ICMP host-unreachable from the
last router in that case.
- Rolf
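
The limit rule on sending TCP resets that is discussed in this thread, as an added example that is not part of the original messages. It models the limit as a token bucket, which is an assumption since the thread names no mechanism; the rate of 5/s, the burst of 10 and both traffic samples are constructed.

```python
"""Added example: token-bucket limit on outbound TCP resets (constructed model)."""


class RstLimiter:
    """Token bucket: up to `burst` RSTs at once, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the previous packet, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # answer this closed-port packet with a RST
        return False      # stay silent: no reply traffic is generated


def replies_sent(arrival_times, rate, burst):
    """Count how many inbound packets to closed ports are answered with a RST."""
    limiter = RstLimiter(rate, burst)
    return sum(1 for t in arrival_times if limiter.allow(t))


# Constructed traffic, arrival times in seconds.
flood = [i / 10000 for i in range(100000)]   # 10,000 packets/s for 10 s
scan = [i * 0.5 for i in range(20)]          # 2 packets/s across 20 ports


def summary(rate=5, burst=10):
    """Inbound packet counts next to the RSTs actually sent for each sample."""
    return {
        "flood_in": len(flood),
        "flood_rst": replies_sent(flood, rate, burst),
        "scan_in": len(scan),
        "scan_rst": replies_sent(scan, rate, burst),
    }


if __name__ == "__main__":
    print(summary())
```

With the limit in place, outbound replies under the flood are bounded by burst plus rate times duration, while traffic slower than the rate is answered as if no limit existed.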