Date: Thu, 29 Dec 2005 17:24:35 -0500
From: Barney Wolff <barney@databus.com>
To: Julian Elischer <julian@elischer.org>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: forwarding icmp redirects.
Message-ID: <20051229222435.GA32141@pit.databus.com>
In-Reply-To: <43B45D8A.7040609@elischer.org>
References: <43B45D8A.7040609@elischer.org>

On Thu, Dec 29, 2005 at 02:04:58PM -0800, Julian Elischer wrote:
> I know WE don't generate non local icmp redirects but I notice that we
> would forward them should someone else (malicious or not) generate them..
> I think that we possibly should check for them in our forwarding code..
> (of course you can stop them with the firewall but..)

Why this particular one out of the semi-infinite set of malicious packets?
If I had to pick one, I'd drop packets arriving with a source IP that we
think is one of ours. But in general I think FreeBSD should obey RFCs
and match the good behavior of widely used commercial routers.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.
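
The two checks raised in this exchange (refusing to forward ICMP redirects, and dropping packets that arrive carrying one of the router's own addresses as source) can be sketched as a forwarding-path filter. This is an added example, not part of the original e-mail and not FreeBSD code; `fwd_check`, the verdict enum and the sample packets are hypothetical and constructed for illustration, and the function assumes it is called only for packets not addressed to this host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical verdicts for a forwarding-path filter (not FreeBSD's API). */
enum fwd_verdict { FWD_OK, FWD_DROP_MALFORMED, FWD_DROP_OWN_SRC, FWD_DROP_REDIRECT };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decide whether an IPv4 packet received for forwarding should be passed on.
 * local[] holds this router's own addresses in host byte order.
 * The header checksum is assumed to have been verified earlier. */
enum fwd_verdict fwd_check(const uint8_t *pkt, size_t len,
                           const uint32_t *local, size_t nlocal) {
    if (len < 20 || (pkt[0] >> 4) != 4) return FWD_DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return FWD_DROP_MALFORMED;

    /* A packet arriving from the wire must not claim one of our addresses. */
    uint32_t src = be32(pkt + 12);
    for (size_t i = 0; i < nlocal; i++)
        if (src == local[i]) return FWD_DROP_OWN_SRC;

    /* Only the first fragment carries the ICMP header. */
    unsigned frag_off = ((unsigned)(pkt[6] & 0x1f) << 8) | pkt[7];
    if (pkt[9] == 1 /* ICMP */ && frag_off == 0) {
        if (len < hlen + 1) return FWD_DROP_MALFORMED;
        if (pkt[hlen] == 5 /* redirect */) return FWD_DROP_REDIRECT;
    }
    return FWD_OK;
}

/* Constructed sample packets (documentation addresses, checksums zeroed). */
const uint32_t LOCAL_ADDRS[] = { 0xcb007101u };            /* 203.0.113.1 */
const uint8_t PKT_REDIRECT[] = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0,
    192,0,2,1, 198,51,100,7, 5,1,0,0, 192,0,2,254 };       /* ICMP type 5 */
const uint8_t PKT_OWN_SRC[] = { 0x45,0,0,28, 0,0,0,0, 64,17,0,0,
    203,0,113,1, 198,51,100,7, 0,53,0,53, 0,8,0,0 };       /* UDP, our src */
const uint8_t PKT_ECHO[] = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0,
    192,0,2,1, 198,51,100,7, 8,0,0,0, 0,1,0,1 };           /* ICMP echo */

int main(void) {
    printf("%d %d %d\n", fwd_check(PKT_REDIRECT, sizeof PKT_REDIRECT, LOCAL_ADDRS, 1),
           fwd_check(PKT_OWN_SRC, sizeof PKT_OWN_SRC, LOCAL_ADDRS, 1),
           fwd_check(PKT_ECHO, sizeof PKT_ECHO, LOCAL_ADDRS, 1));
    return 0;
}
```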