Date: Mon, 20 Dec 1999 14:52:15 -0800
From: Pavlin Ivanov Radoslavov <pavlin@catarina.usc.edu>
To: net@freebsd.org
Cc: pavlin@catarina.usc.edu
Subject: TTL and FreeBSD-3.4
Message-ID: <199912202252.OAA18142@rumi.usc.edu>
I just got the announcement for the FreeBSD-3.4 release and something caught my attention:

1.2. SECURITY CHANGES
---------------------
<del> Support has been added for forwarding IP datagrams without inspecting or decreasing the TTL in order to make gateways and firewalls less visible and therefore less exposed to attacks.
======

I understand the security concern and the motivations for adding this feature, but isn't forwarding IP datagrams without decreasing their TTL a violation of one of the requirements for the routers (e.g. RFC 1812, Sections 5.2.1.2 (step 7) and 5.3.1)? By not following this requirement, there is great danger from looping packets infinitely, which could be much worse than someone discovering your gateway IP address.

Thanks,
Pavlin

P.S. I am not on the mailing list.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
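The looping risk raised in the message above, shown as an added simulation that is not part of the original e-mail or of FreeBSD: two hypothetical routers (R1, R2) whose routing tables point at each other for the same destination. With the RFC 1812 behaviour each hop decrements TTL and the datagram is discarded once it hits zero; with the "do not decrease TTL" option the same datagram circulates until an artificial hop budget stops the simulation. The topology, router names and prefix are constructed for the example.

```python
"""Added example: why a router that does not decrement TTL turns a
routing loop into an unbounded one. Not code from the FreeBSD project.
"""
from dataclasses import dataclass, field

DST = "10.0.0.0/24"  # constructed destination prefix

# Constructed routing loop: each router believes the other is the next
# hop for DST. Router names are hypothetical.
ROUTES = {
    "R1": {DST: "R2"},
    "R2": {DST: "R1"},
}


@dataclass
class Packet:
    dst: str
    ttl: int
    path: list = field(default_factory=list)


def forward_once(router, pkt, decrement_ttl=True):
    """One forwarding decision at `router`.

    With decrement_ttl=True this follows RFC 1812 section 5.3.1: TTL is
    decremented and, if it reaches zero, the datagram is discarded (a real
    router would also emit ICMP Time Exceeded; here we only report it).
    Returns (next_hop, verdict); next_hop is None when the packet dies.
    """
    if decrement_ttl:
        pkt.ttl -= 1
        if pkt.ttl <= 0:
            return None, "dropped: TTL exceeded in transit"
    pkt.path.append(router)
    return ROUTES[router][pkt.dst], "forwarded"


def simulate(start, ttl, decrement_ttl=True, hop_budget=1000):
    """Push one packet around the constructed loop.

    Returns (verdict, hops). `hops` is the number of forwarding decisions
    taken before the packet was dropped, or hop_budget if it never was.
    """
    pkt = Packet(dst=DST, ttl=ttl)
    router = start
    hops = 0
    while hops < hop_budget:
        hops += 1
        router, verdict = forward_once(router, pkt, decrement_ttl)
        if router is None:
            return verdict, hops
    return "still looping when hop budget ran out", hops


if __name__ == "__main__":
    # Standard router: a TTL-64 packet dies after 64 hops in the loop.
    print(simulate("R1", ttl=64))
    # TTL left untouched: the loop is only ended by our hop budget.
    print(simulate("R1", ttl=64, decrement_ttl=False))
```

The point for operators is that TTL decrement is the only in-band mechanism that bounds the damage of a forwarding loop; a gateway that hides its hop also removes that bound for any traffic that happens to loop through it, so the trade-off the release note describes should be weighed against the loop detection you have elsewhere (e.g. routing-protocol sanity checks and interface counters for repeated datagrams).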