ipstealth question.
Anton - Valqk
valqk at lozenetz.org
Sun Sep 24 04:55:13 PDT 2006
You are absolutely right but stealth is a strictly so, I you don't want
a ttl change simply don't set
net.inet.ip.stealth=1
I was just wondering...
Joerg Pernfuss wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 24 Sep 2006 14:06:49 +0300
> Anton - Valqk <valqk at lozenetz.org> wrote:
>
>
>> Hi group,
>> I was wondering is option
>>
>> options IPSTEALTH
>>
>> not in the GENERIC on purpose?
>>
>
> Without knowing the exact number, I am sure not decrementing the
> TTL violates at least one RFC. Imagine some datacenter with lots
> of FreeBSD installations and IPSTEALTH part of GENERIC.
> Ideally they do their routing via FreeBSD/netgraph too.
>
> Packets won't die, especially if they have a loop somewhere.
>
> Joerg
> - --
> | /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a |
> | \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
> | X HTML in email | .the next sentence is true. |
> | / \ and news | .the previous sentence was a lie. |
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (FreeBSD)
>
> iD8DBQFFFmmOH31s/bvKrSQRAoPAAJ4wod2pT6Irr8AzhF7M4LRaXJZ7TwCdGwQi
> y0kNNpGp0xG96o11YxfE2a8=
> =MXk6
> -----END PGP SIGNATURE-----
>
> !DSPAM:45166995563711581215491!
>
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-stable
mailing list