IPFW2 versrcreach update
James
james at towardex.com
Wed Jul 21 11:17:45 PDT 2004
On Wed, Jul 21, 2004 at 02:14:10PM -0400, James wrote:
> > >
> > Where would the ICMP go anyway because you either don't have a route to
> > where you would point the packet to or the route points to null.
>
Hmm.. Something tells me that whatever I said below is exactly the same as whatever
you said.. :) doh
Sorry for useless reply :)
-J
> Under uRPF drop condition, ICMP should not happen b/c the source of the route
> is null route.
>
> Under normal, non-uRPF drop condition, ICMP unreachable will go to the *source*
> who is _not_ part of the null route.
>
> For example: If you are host 10.10.10.2 behind a router 10.10.10.1, and you
> run traceroute to 3.3.3.3 and if your router does not have a route for 3.3.3.3
> (not even default route), the router will generate !N/!H icmp message back to
> the source, that being 10.10.10.2, and that being you.
>
> If you are host 10.10.10.2, and you spoof your IP address to 1.1.1.1, and the
> router runs loose-check uRPF and has 1.1.1.1 as RTF_REJECT, the router
> obviously cannot generate ICMP back at you, b/c you are claiming to be
> 1.1.1.1 which is routed to null.
>
> -J
>
> --
> James Jun TowardEX Technologies, Inc.
> Technical Lead Network Design, Consulting, IT Outsourcing
> james at towardex.com Boston-based Colocation & Bandwidth Services
> cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james at towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
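
The two cases discussed in this message can be checked with a small model. This is an added example, not part of the original post and not ipfw code; the routing table, the function names and the returned labels are constructed for illustration, and the uRPF check is simplified to "the source has a route that is not a null route".

```python
import ipaddress

# Constructed routing table for the scenario in the message: the router's
# connected LAN, a null route for 1.1.1.1, and no default route.
ROUTES = [
    ("10.10.10.0/24", "connected"),
    ("1.1.1.1/32", "reject"),  # stands in for an RTF_REJECT route
]

def lookup(table, addr):
    """Longest-prefix match; returns the route kind, or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, kind in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind)
    return best[1] if best else None

def reachable(table, addr):
    """True when addr has a route that does not point to null."""
    return lookup(table, addr) not in (None, "reject")

def handle(table, src, dst, urpf=True):
    """Return (action, icmp_target) for one packet arriving at the router."""
    # Loose-check uRPF: judge the packet by its claimed source address.
    if urpf and not reachable(table, src):
        return ("drop-urpf", None)
    if reachable(table, dst):
        return ("forward", None)
    # No usable route to the destination: the ICMP unreachable is addressed
    # to the packet's source, and is itself subject to the routing table.
    if reachable(table, src):
        return ("icmp-unreachable", src)
    return ("icmp-undeliverable", src)

if __name__ == "__main__":
    for src, dst, urpf in [
        ("10.10.10.2", "3.3.3.3", True),   # honest host, no route to 3.3.3.3
        ("1.1.1.1", "3.3.3.3", True),      # spoofed source, uRPF enabled
        ("1.1.1.1", "3.3.3.3", False),     # spoofed source, uRPF disabled
    ]:
        print(src, "->", dst, "urpf" if urpf else "no-urpf",
              handle(ROUTES, src, dst, urpf))
```
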