Date: Tue, 14 Mar 2000 11:21:52 +0200 From: Ruslan Ermilov <ru@ucb.crimea.ua> To: Peter Schultz <pete-freebsd-net@bebox.corpcomm.net> Cc: freebsd-net@FreeBSD.ORG Subject: Re: IPSTEALTH Message-ID: <20000314112152.A47602@relay.ucb.crimea.ua> In-Reply-To: <20000314022446.B347@bebox.corpcomm.net>; from Peter Schultz on Tue, Mar 14, 2000 at 02:24:47AM -0600 References: <20000314022446.B347@bebox.corpcomm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 14, 2000 at 02:24:47AM -0600, Peter Schultz wrote: > Hi, > > In my kernel configuration file I have: > options IPFILTER > options IPFILTER_LOG > options IPSTEALTH > > Does the IPSTEALTH option provide my LAN with increased > protection by doing NAT in such a way so as to make it > undetectible? Basically what I'm looking for is a blurb > on what makes IPSTEALTH special, and in what situations > it is best used. > src/sys/i386/conf/LINT is very clear about this option: # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding # packets without touching the ttl). This can be useful to hide firewalls # from traceroute and similar tools. The associated code could be found in src/sys/netinet/ip_input.c, under the IPSTEALTH conditional. Cheers, -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000314112152.A47602>