From owner-freebsd-arch Wed Feb 21 12:14:40 2001 Delivered-To: freebsd-arch@freebsd.org Received: from molly.straylight.com (molly.straylight.com [209.68.199.242]) by hub.freebsd.org (Postfix) with ESMTP id 8E63C37B491 for ; Wed, 21 Feb 2001 12:14:35 -0800 (PST) (envelope-from jonathan@graehl.org) Received: from dickie (case.straylight.com [209.68.199.244]) by molly.straylight.com (8.11.0/8.10.0) with SMTP id f1LKEQF07832 for ; Wed, 21 Feb 2001 12:14:26 -0800 From: "Jonathan Graehl" To: "freebsd-Arch" Subject: Why are ICMP redirects observed by default? Date: Wed, 21 Feb 2001 12:15:45 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I thought ICMP redirects had fallen out of favor; is the security risk (an interloper being able to change routing tables) considered insignificant for leaf or edge machines? Do redirects actually help performance in the real world? Of course, there is nothing to complain about, since the behavior can be toggled; I am simply curious as to what the current feeling about them is (aside from the warm fuzzy feeling of RFC-compliance) # sysctl -a | grep redirect net.inet.ip.redirect: 1 net.inet.icmp.drop_redirect: 0 net.inet.icmp.log_redirect: 0 -- Jonathan Graehl email: jonathan@graehl.org web: http://jonathan.graehl.org/ phone: 858-642-7562 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message