Date: Wed, 22 Dec 1999 03:37 EST From: Barney Wolff <barney@databus.com> To: freebsd-net@freebsd.org Subject: Re: TTL and FreeBSD-3.4 Message-ID: <38608dcf0.5bdf@databus.databus.com>
Did you not see the line

> ip->ip_ttl -= IPTTLDEC;

which is skipped when stealth is on? Looks like decrementing the ttl,
to me. But a bridge (aka switch, these days) doesn't do it either.
It's safe iff two stealthed devices are never directly connected to
each other.

Barney Wolff <barney@databus.com>

> Date: Wed, 22 Dec 1999 00:04:22 -0800
> From: Pavlin Ivanov Radoslavov <pavlin@catarina.usc.edu>
>
> However, IPSTEALTH matters only in the following code (in
> netinet/ip_input.c):
>
> #ifdef IPSTEALTH
>     if (!ipstealth) {
> #endif
>         if (ip->ip_ttl <= IPTTLDEC) {
>             icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS,
>                 dest, 0);
>             return;
>         }
>         ip->ip_ttl -= IPTTLDEC;
> #ifdef IPSTEALTH
>     }
> #endif
>
> So, IPSTEALTH can be used to configure a router such that it will
> not respond by ICMP "TTL Exceeded" if the ttl of the IP data packet
> is <= 1, and therefore it will be invisible to traceroute. This is
> completely different from the explanation in the LINT and from the
> text in the original announcement, and is quite harmless, unlike the
> "stealth forwarding" described there.
>
> Is this all that IPSTEALTH and "stealth forwarding" is about, or is
> there something more?
> If this is all, then probably the explanation text in LINT should be
> fixed, otherwise it may scare other people as well :)
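Added illustration (not part of the thread, and not FreeBSD code): a small
user-space model of the quoted ip_input.c fragment, showing what a
traceroute sees when one hop on the path has ipstealth set, and what
happens to a packet caught in a forwarding loop between two stealthed
boxes, which is the case the reply above calls unsafe. The router names
(r1, r2, r3, s1, s2, plain), the simulate_traceroute and
loop_steps_until_drop helpers and the constructed path are all
assumptions made for the example; forward_hop mirrors the quoted
kernel logic and nothing else.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPTTLDEC 1          /* same constant the quoted kernel code uses */

/* One hop on the path; ipstealth plays the role of the kernel variable.
 * (Hypothetical struct for this example.) */
struct router {
    const char *name;
    int ipstealth;
};

enum fwd_result { FWD_FORWARDED, FWD_TIMXCEED };

/* Model of the quoted ip_input.c fragment. With ipstealth clear the router
 * answers ICMP time-exceeded for ttl <= IPTTLDEC and otherwise decrements;
 * with it set, the packet passes untouched and no ICMP is generated. */
static enum fwd_result forward_hop(const struct router *r, uint8_t *ttl)
{
    if (!r->ipstealth) {
        if (*ttl <= IPTTLDEC)
            return FWD_TIMXCEED;    /* icmp_error(ICMP_TIMXCEED, ...) */
        *ttl -= IPTTLDEC;
    }
    return FWD_FORWARDED;
}

/* Simulated traceroute: probes with TTL 1, 2, ... travel along path[] toward
 * dest. hops[i] receives the name of whoever answered probe i (a router with
 * TTL exceeded, or dest itself). Returns the number of probes needed until
 * dest answered, or max_probes if it never did. */
static int simulate_traceroute(const struct router *path, int nrouters,
                               const char *dest, const char *hops[],
                               int max_probes)
{
    for (int probe = 0; probe < max_probes; probe++) {
        uint8_t ttl = (uint8_t)(probe + 1);
        const char *answer = dest;          /* reached unless a hop objects */
        for (int i = 0; i < nrouters; i++) {
            if (forward_hop(&path[i], &ttl) == FWD_TIMXCEED) {
                answer = path[i].name;
                break;
            }
        }
        hops[probe] = answer;
        if (answer == dest)
            return probe + 1;
    }
    return max_probes;
}

/* Two routers that forward to each other (a routing loop). Returns how many
 * forwarding steps the packet survives before a router drops it with TTL
 * exceeded, or cap if it is still circulating after cap steps. */
static int loop_steps_until_drop(const struct router *a, const struct router *b,
                                 uint8_t ttl, int cap)
{
    const struct router *cur = a, *next = b;
    for (int steps = 0; steps < cap; steps++) {
        if (forward_hop(cur, &ttl) == FWD_TIMXCEED)
            return steps;
        const struct router *t = cur;
        cur = next;
        next = t;
    }
    return cap;
}

int main(void)
{
    /* Constructed path: r2 is the stealth box, r1 and r3 are ordinary routers. */
    struct router path[] = { {"r1", 0}, {"r2", 1}, {"r3", 0} };
    const char *hops[8];
    int n = simulate_traceroute(path, 3, "host", hops, 8);
    for (int i = 0; i < n; i++)
        printf("%2d  %s\n", i + 1, hops[i]);      /* r2 never appears */

    struct router s1 = {"s1", 1}, s2 = {"s2", 1}, plain = {"plain", 0};
    printf("stealth<->stealth loop: %d steps (cap hit, packet never dies)\n",
           loop_steps_until_drop(&s1, &s2, 64, 1000));
    printf("stealth<->plain loop:   %d steps\n",
           loop_steps_until_drop(&s1, &plain, 64, 1000));
    return 0;
}
```

With r2 stealthed the probe sequence answers r1, r3, host in three
probes instead of four, so the stealth hop is simply missing from the
output rather than showing up as a timeout. The loop case shows the
other half of the reply above: two stealthed routers forwarding to each
other never decrement the TTL, so nothing ever drops the packet, while a
stealthed router next to an ordinary one still dies after 127 steps.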