Firewall Wizards mailing list archives

RE: Borderware Ping Server


From: Matthew Kirkwood <matthew () hairy beasts org>
Date: Tue, 23 Oct 2001 13:05:08 +0100 (BST)

On Sat, 20 Oct 2001, Ofir Arkin wrote:

> We let the FW deal with only what we teach him to recognize, and what
> is legitimate IPv4 traffic. This means that if the firewall receives
> a packet with an Unused bit set, which is against the RFCs'
> recommendations, it drops it instantly because it is not legit IPv4
> traffic. No questions asked.

Actually, in this case and perhaps others (unknown IP or TCP
options, for example) wouldn't the wisest approach be to zero
the unknown bit?

This is exactly what is causing so many problems with ECN at
the moment.

Matthew.
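
The two policies discussed in this thread (drop the packet, or zero the unknown bit and forward it), shown side by side as an added example that is not part of the original messages. It assumes the unused bit is the reserved flag bit of the IPv4 header; the function names, policy labels and sample header are constructed for illustration.

```python
import struct

RESERVED_FLAG = 0x8000  # top bit of the IPv4 flags/fragment-offset word (assumed "unused bit")

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(flags_frag: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses), valid checksum."""
    fields = [0x4500, 40, 0x1234, flags_frag, (64 << 8) | 6, 0]
    raw = struct.pack("!6H4s4s", *fields,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def handle(header: bytes, policy: str):
    """Return the header to forward, or None if the packet is dropped."""
    if policy not in ("drop", "scrub"):
        raise ValueError("policy must be 'drop' or 'scrub'")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl or checksum(header[:ihl]) != 0:
        return None  # malformed under either policy
    flags_frag = struct.unpack("!H", header[6:8])[0]
    if not flags_frag & RESERVED_FLAG:
        return header  # nothing unusual, forward unchanged
    if policy == "drop":
        return None  # strict policy: reserved bit set means not legitimate
    # Scrub policy: clear the bit, then recompute the header checksum,
    # otherwise the next hop discards the packet as corrupt.
    hdr = bytearray(header)
    hdr[6:8] = struct.pack("!H", flags_frag & ~RESERVED_FLAG)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr[:ihl])))
    return bytes(hdr)

if __name__ == "__main__":
    odd = build_header(0xC000)  # reserved bit + DF set
    print("drop :", handle(odd, "drop"))
    print("scrub:", handle(odd, "scrub").hex())
```

Under the scrub policy the packet still reaches its destination, which is the behaviour the reply argues for; under the drop policy any later standard that assigns a meaning to the bit fails silently at the firewall.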
