[4987] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: DoS, ICMP, proxies, SYNDefender

daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 18:05:49 1996

From: Tim Bass <bass@linux.silkroad.com>
To: egoshin@genesyslab.com (Leonid Egoshin)
Date: Thu, 3 Oct 1996 17:58:28 -0400 (EDT)
Cc: mdz@netrail.net, iepg@iepg.org, nanog@merit.edu
In-Reply-To: <199610032149.OAA26278@giant.genesyslab.com> from "Leonid Egoshin" at Oct 3, 96 02:49:07 pm

>    Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate
> router during routing flip process. For this reason some customer
> prefer cut off this sort of ICMP - it would break running TCP connection.

Understood, however the conditions to terminate the connection
is not just as simple as UNREACHABLE.  A few possible conditions:

(1) UNREACHABLE && TCP_SYN_STATE


(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state


VR,

Tim


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4987] in North American Network Operators' Group

Re: DoS, ICMP, proxies, SYNDefender

daemon@ATHENA.MIT.EDU (Tim Bass)Thu Oct 3 18:05:49 1996

daemon@ATHENA.MIT.EDU (Tim Bass)
Thu Oct 3 18:05:49 1996