forwarding icmp redirects.
Barney Wolff
barney at databus.com
Thu Dec 29 14:27:07 PST 2005
On Thu, Dec 29, 2005 at 02:04:58PM -0800, Julian Elischer wrote:
> I know WE don't generate non-local ICMP redirects but I notice that we
> would forward them should someone else (malicious or not) generate them..
> I think that we possibly should check for them in our forwarding code..
> (of course you can stop them with the firewall but..)
Why this particular one out of the semi-infinite set of malicious packets?
If I had to pick one, I'd drop packets arriving with a source IP that we
think is one of ours.
But in general I think FreeBSD should obey RFCs and match the good
behavior of widely used commercial routers.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.