Bugtraq mailing list archives
Re: ICMP unreachables
From: smb () research att com (smb () research att com)
Date: Thu, 28 Apr 94 12:10:15 EDT
In any case, the real solution is to have hosts that check both port numbers in the fake icmp packet. As was mentioned in another message, most current systems do this checking, so nuke (and programs like it) don't work very well. Note that in the case of TCP, the ICMP packet should also include the sequence number of the bounced packet. A good implementation should check it, too. Not foolproof, obviously, but still a step in the right direction.
Current thread:
- Re: ICMP unreachables smb () research att com (Apr 28)