Re: ICMP unreachables

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bennett Todd: "Re: UnixWare"
• Previous message: Gene Spafford: "Re: UnixWare"
• Maybe in reply to: MICHAEL R. WIDNER: "ICMP unreachables"

	 In any case, the real solution is to have hosts that check both port
	 numbers in the fake icmp packet.  As was mentioned in another message,
	 most current systems do this checking, so nuke (and programs like it)
	 don't work very well.

Note that in the case of TCP, the ICMP packet should also include the
sequence number of the bounced packet.  A good implementation should
check it, too.  Not foolproof, obviously, but still a step in the right
direction.

• Next message: Bennett Todd: "Re: UnixWare"
• Previous message: Gene Spafford: "Re: UnixWare"
• Maybe in reply to: MICHAEL R. WIDNER: "ICMP unreachables"