Re: DoS, ICMP, proxies, SYNDefender
From: Tim Bass <bass@linux.silkroad.com>
I feel like a cheerleader 'Give me an U N R E A C H A B L E' wha-at-ya-got .........
Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate router during routing flip process. For this reason some customer prefer cut off this sort of ICMP - it would break running TCP connection. - Leonid Yegoshin, LY22
Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate router during routing flip process. For this reason some customer prefer cut off this sort of ICMP - it would break running TCP connection.
Understood, however the conditions to terminate the connection is not just as simple as UNREACHABLE. A few possible conditions: (1) UNREACHABLE && TCP_SYN_STATE (2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state VR, Tim
participants (2)
-
Leonid Egoshin
-
Tim Bass