[liberationtech] Mac OS/X to reject RST and DoS
Seth David Schoen
schoen at eff.org
Tue Dec 25 09:26:11 PST 2012
pacificboy writes:
> Does anyone know of any Mac OS/X software programs that would stop RST and DoS that are injected in the internet in places like China and its GFW?
You could make a firewall ignore some RSTs, but assuming the ISP injects
resets in both directions, the RST that the ISP sends to the _other party_
will be sufficient to close the connection. (If either end of a TCP
connection receives a RST ostensibly from the other end, it will disconnect.
So it's not enough for you to ignore the RST; the machine that you're talking
to would also need to ignore it.)
For more information on ISP packet spoofing, see
https://www.eff.org/sites/default/files/packet_injection_0.pdf
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the liberationtech
mailing list