nanog mailing list archives

Re: DoS, ICMP, proxies, SYNDefender

From: Leonid Egoshin <egoshin () genesyslab com>
Date: Thu, 3 Oct 1996 15:26:06 -0700 (PDT)

From: Tim Bass <bass () linux silkroad com>

   Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate
router during routing flip process. For this reason some customer
prefer cut off this sort of ICMP - it would break running TCP connection.


Understood, however the conditions to terminate the connection
is not just as simple as UNREACHABLE.  A few possible conditions:
(1) UNREACHABLE && TCP_SYN_STATE
(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state


    I am not shure that it is in _ALL_ host types.
Experience gave me that some time I had problem with uninterraptable
service up to I configure router to cut off ICMP UNREACHABLE from
outside.

                                - Leonid Yegoshin, LY22
- - - - - - - - - - - - - - - - -

Current thread:

Re: DoS, ICMP, proxies, SYNDefender Leonid Egoshin (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 03)
- <Possible follow-ups>
- Re: DoS, ICMP, proxies, SYNDefender Leonid Egoshin (Oct 03)
- Re: DoS, ICMP, proxies, SYNDefender Tim Salo (Oct 04)
  - Re: DoS, ICMP, proxies, SYNDefender Tim Bass (Oct 04)
    - Re: DoS, ICMP, proxies, SYNDefender Michael Dillon (Oct 04)
    - Re: DoS, ICMP, proxies, SYNDefender Curtis Villamizar (Oct 07)
- Re: DoS, ICMP, proxies, SYNDefender Jeff Weisberg (Oct 04)
  - Re: DoS, ICMP, proxies, SYNDefender Avi Freedman (Oct 04)
- Re: DoS, ICMP, proxies, SYNDefender Jeff Weisberg (Oct 04)