From owner-freebsd-stable@FreeBSD.ORG Sun Sep 24 11:55:12 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1DE716A412 for ; Sun, 24 Sep 2006 11:55:12 +0000 (UTC) (envelope-from valqk@lozenetz.org) Received: from logos.webreality.org (logos.webreality.org [80.72.64.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C14843D5A for ; Sun, 24 Sep 2006 11:55:11 +0000 (GMT) (envelope-from valqk@lozenetz.org) Received: from [172.16.4.1] (unknown [89.190.193.137]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by logos.webreality.org (Postfix) with ESMTP id 21E76C9441; Sun, 24 Sep 2006 15:03:27 +0300 (EEST) Message-ID: <45167208.7070502@lozenetz.org> Date: Sun, 24 Sep 2006 14:54:48 +0300 From: Anton - Valqk User-Agent: Thunderbird 1.5.0.5 (X11/20060728) MIME-Version: 1.0 To: Joerg Pernfuss References: <451666C9.6060902@lozenetz.org> <20060924131838.23bb9ffc@loki.starkstrom.lan> In-Reply-To: <20060924131838.23bb9ffc@loki.starkstrom.lan> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-webreality-MailScanner-Information: Please contact the ISP for more information X-webreality-MailScanner: Found to be clean X-webreality-MailScanner-From: valqk@lozenetz.org Cc: freebsd-stable@freebsd.org Subject: Re: ipstealth question. X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Sep 2006 11:55:13 -0000 You are absolutely right but stealth is a strictly so, I you don't want a ttl change simply don't set net.inet.ip.stealth=1 I was just wondering... Joerg Pernfuss wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, 24 Sep 2006 14:06:49 +0300 > Anton - Valqk wrote: > > >> Hi group, >> I was wondering is option >> >> options IPSTEALTH >> >> not in the GENERIC on purpose? >> > > Without knowing the exact number, I am sure not decrementing the > TTL violates at least one RFC. Imagine some datacenter with lots > of FreeBSD installations and IPSTEALTH part of GENERIC. > Ideally they do their routing via FreeBSD/netgraph too. > > Packets won't die, especially if they have a loop somewhere. > > Joerg > - -- > | /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a | > | \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 | > | X HTML in email | .the next sentence is true. | > | / \ and news | .the previous sentence was a lie. | > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (FreeBSD) > > iD8DBQFFFmmOH31s/bvKrSQRAoPAAJ4wod2pT6Irr8AzhF7M4LRaXJZ7TwCdGwQi > y0kNNpGp0xG96o11YxfE2a8= > =MXk6 > -----END PGP SIGNATURE----- > > !DSPAM:45166995563711581215491! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.