Date: Wed, 22 Dec 1999 03:37 EST
From: Barney Wolff <barney@databus.com>
To: freebsd-net@freebsd.org
Subject: Re: TTL and FreeBSD-3.4
Message-ID: <38608dcf0.5bdf@databus.databus.com>
Did you not see the line
> ip->ip_ttl -= IPTTLDEC;
which is skipped when stealth is on? Looks like decrementing the ttl to me.
But a bridge (aka switch, these days) doesn't do it either. It's
safe iff two stealthed devices are never directly connected to each
other.
Barney Wolff <barney@databus.com>
> Date: Wed, 22 Dec 1999 00:04:22 -0800
> From: Pavlin Ivanov Radoslavov <pavlin@catarina.usc.edu>
>
> However, IPSTEALTH matters only in the following code (in
> netinet/ip_input.c):
>
> #ifdef IPSTEALTH
>         if (!ipstealth) {
> #endif
>                 if (ip->ip_ttl <= IPTTLDEC) {
>                         icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS,
>                             dest, 0);
>                         return;
>                 }
>                 ip->ip_ttl -= IPTTLDEC;
> #ifdef IPSTEALTH
>         }
> #endif
>
> So, IPSTEALTH can be used to configure a router such that it will
> not respond by ICMP "TTL Exceeded" if the ttl of the IP data packet
> is <= 1, and therefore it will be invisible to traceroute. This is
> completely different from the explanation in the LINT and from the
> text in the original announcement, and is quite harmless, unlike the
> "stealth forwarding" described there.
>
> Is this all that IPSTEALTH and "stealth forwarding" is about, or
> is there something more?
> If this is all, then probably the explanation text in LINT should be
> fixed, otherwise it may scare other people as well :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38608dcf0.5bdf>
