nanog mailing list archives
Re: DoS, ICMP, proxies, SYNDefender
From: Leonid Egoshin <egoshin () genesyslab com>
Date: Thu, 3 Oct 1996 15:26:06 -0700 (PDT)
From: Tim Bass <bass () linux silkroad com>

Tim, unfortunately ICMP UNREACHABLE can be sent by some intermediate router during a routing flip process. For this reason some customers prefer to cut off this sort of ICMP - it would break a running TCP connection.

Understood, however the conditions to terminate the connection are not just as simple as UNREACHABLE. A few possible conditions:

(1) UNREACHABLE && TCP_SYN_STATE
(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state

I am not sure that it is in _ALL_ host types. Experience showed me that sometimes I had a problem with uninterruptible service until I configured the router to cut off ICMP UNREACHABLE from outside.

- Leonid Yegoshin, LY22