From owner-freebsd-net Wed Dec 19 13:50:49 2001 Delivered-To: freebsd-net@freebsd.org Received: from comp.chem.msu.su (comp-xl.chem.msu.su [158.250.32.157]) by hub.freebsd.org (Postfix) with ESMTP id 3854A37B419; Wed, 19 Dec 2001 13:50:44 -0800 (PST) Received: (from yar@localhost) by comp.chem.msu.su (8.11.1/8.11.1) id fBJLodv64337; Thu, 20 Dec 2001 00:50:39 +0300 (MSK) (envelope-from yar) Date: Thu, 20 Dec 2001 00:50:39 +0300 From: Yar Tikhiy To: Wilko Bulte Cc: Maxim Konovalov , net@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Processing IP options reveals IPSTEALH router Message-ID: <20011220005038.B52848@comp.chem.msu.su> References: <20011219181929.A20425@comp.chem.msu.su> <20011219190533.W57795-100000@news1.macomnet.ru> <20011219223242.B4906@freebie.xs4all.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011219223242.B4906@freebie.xs4all.nl>; from wkb@freebie.xs4all.nl on Wed, Dec 19, 2001 at 10:32:42PM +0100 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Dec 19, 2001 at 10:32:42PM +0100, Wilko Bulte wrote: > > > > First of all we should decide what IPSTEALTH is for. Is it just a > > Ruslan's net.inet.ip.decttl or it should really stealth the fact of > > the routing? If the latter how do we behave in source routing case? > > I would assume IPSTEALTH is thought to be for firewalls. Allowing > source routing thru firewalls is a Bad Thing(TM) anyway, right? Source routing itself is a Bad Thing, as is TELNET or rlogin. However, this isn't a reason strong enough to drop all such stuff from FreeBSD completely. That's why we're trying to consider every possible case. IMHO increasing the number of "FOO is incompatible with BAR" situations is no good. -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message