Date: Mon, 7 Jul 2003 01:22:05 +0200 From: Socketd <db@traceroute.dk> To: hackers@freebsd.org Subject: 5 "Advanced" networking questions Message-ID: <20030707012205.3103dfc8.db@traceroute.dk>
next in thread | raw e-mail | index | archive | help
Hi all 1. Reading "man blackhole" I found that net.inet.udp.blackhole=1 will prevent traceroute. Is this only if the host is the end target? or will it simply disable sending an ICMP packet when it get's a packet with ttl=1? 2. Does net.inet.icmp.drop_redirect drop all redirects? Redirect datagrams for the Network. Redirect datagrams for the Host. Redirect datagrams for the Type of Service and Network. Redirect datagrams for the Type of Service and Host. 3. What is the difference between net.inet.ip.redirect and the above? 4. There is a net.inet.icmp.maskrepl, but can you also disable timestamp, echo request and information request messages the same way or do I need a firewall for that? 5. In order to drop SYN-FIN packets, do I need to compile the kernel with "options TCP_DROP_SYNFIN" or can I just use "tcp_drop_synfin="YES"" in /etc/rc.conf? Is there a net.inet.tcp.?? I can use instead of the above suggestions? br socketd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030707012205.3103dfc8.db>