[4989] in North American Network Operators' Group
Re: DoS, ICMP, proxies, SYNDefender
daemon@ATHENA.MIT.EDU (Leonid Egoshin)
Thu Oct 3 18:28:59 1996
Date: Thu, 3 Oct 1996 15:26:06 -0700 (PDT)
From: Leonid Egoshin <egoshin@genesyslab.com>
To: bass@linux.silkroad.com
Cc: iepg@iepg.org, nanog@merit.edu
>From: Tim Bass <bass@linux.silkroad.com>
>
>> Tim, unfortunately ICMP UNREACHABLE can be sent by some intermediate
>> router during a routing flip process. For this reason some customers
>> prefer to cut off this sort of ICMP - it would break a running TCP connection.
>
>Understood, however the conditions to terminate the connection
>are not just as simple as UNREACHABLE. A few possible conditions:
>(1) UNREACHABLE && TCP_SYN_STATE
>(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state
I am not sure that it is in _ALL_ host types.
Experience showed me that at times I had problems with uninterruptible
service until I configured the router to cut off ICMP UNREACHABLE from
outside.
- Leonid Yegoshin, LY22
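
The conditions quoted in this message, written out as a host-side decision function. This is an added example, not code from the thread or from any TCP stack. All names, the `SYN_GRACE_SECS` value, the reading of `sk->time_in_state` as a minimum time spent in the SYN state, and the sequence-number check (which goes beyond the two conditions listed) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names are hypothetical; this is not code from any real TCP stack. */
enum tcp_state   { TCP_SYN_STATE, TCP_ESTABLISHED_STATE };
enum icmp_action { ICMP_IGNORE, ICMP_SOFT_ERROR, ICMP_ABORT };

struct sock_view {
    enum tcp_state state;
    uint32_t time_in_state;  /* seconds spent in `state` */
    uint32_t snd_una;        /* oldest unacknowledged sequence number */
    uint32_t snd_nxt;        /* next sequence number to be sent */
};

/* Assumed value: the message gives no threshold for sk->time_in_state. */
#define SYN_GRACE_SECS 3u

/* True if seq names a byte that is sent but not yet acknowledged.
 * Unsigned subtraction keeps the comparison correct across 2^32 wrap. */
static bool seq_in_flight(const struct sock_view *sk, uint32_t seq)
{
    return (uint32_t)(seq - sk->snd_una) < (uint32_t)(sk->snd_nxt - sk->snd_una);
}

/* quoted_seq: sequence number from the TCP header echoed in the ICMP payload. */
enum icmp_action on_icmp_unreachable(const struct sock_view *sk, uint32_t quoted_seq)
{
    /* Not about a segment we have outstanding: stale or not ours. */
    if (!seq_in_flight(sk, quoted_seq))
        return ICMP_IGNORE;

    /* Running connection: a routing flip can produce this, so only record
     * the error and let retransmission timers decide. */
    if (sk->state != TCP_SYN_STATE)
        return ICMP_SOFT_ERROR;

    /* Condition (2): in the SYN state and there long enough to rule out a
     * transient. Condition (1) alone is the case SYN_GRACE_SECS == 0. */
    if (sk->time_in_state >= SYN_GRACE_SECS)
        return ICMP_ABORT;

    return ICMP_SOFT_ERROR;
}
```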