If they are on the same subnet, why not prohibit incoming traffic on the TCP
port used by the gRPC at the router for the subnet using a simple firewall -
the DoS traffic must be hitting the router first (because that is where
the TTL reduction would occur anyway)
> On Jul 23, 2020, at 11
On Wed, 22 Jul 2020 at 23:30, Robert Engels wrote:
> Your network is set up wrong... if you are relying on a router to enforce
> ttl decrement for security. You can more easily prevent IP spoofing on the
> local net (or at the router) and then just verify the IP network portion is
> correct. Easie
Your network is set up wrong... if you are relying on a router to enforce ttl
decrement for security. You can more easily prevent IP spoofing on the local
net (or at the router) and then just verify the IP network portion is correct.
Easier with a simple IP table rather than doing it in user spac
One of the projects I'm playing with at the moment is going to have
long-lived low-traffic streaming sessions with gRPC, having both the client
and the server on the same subnet.
To prevent an attacker from sending spurious TCP RSTs etc. from across the
internet, there is a mechanism called GTSM wh