[3806] in North American Network Operators' Group

Re: Access to the Internic Blocked

daemon@ATHENA.MIT.EDU (John Hawkinson)
Thu Aug 22 02:11:05 1996

To: Geoff Huston <gih@aarnet.edu.au>
Date: Thu, 22 Aug 1996 01:52:45 -0400 (EDT)
From: John Hawkinson <jhawk@bbnplanet.com>
Cc: nanog@merit.edu
In-Reply-To: <199608220537.PAA15808@nico.aarnet.edu.au> from "Geoff Huston" at Aug 22, 96 03:37:59 pm

> >By itself, LSRR is a godsend to hackers (I can think of about
> >a dozen very nasty attacks using general LSRR).  The only
> >useful application for it is traceroute.
> >
> >Why don't router vendors provide an option to turn it
> >off for everything but ICMP ECHO?
> 
> Personally I find this an excellent suggestion.

So now I need to hack my traceroute to send ICMP_ECHO_REQUESTS instead
of high-port UDP packets?

Oh well, I guess we can put this right next to the patches to have
traceroute send TCP SYNs to get through stupid firewalls.

--jhawk