Date: Mon, 21 Aug 2000 17:37:14 -0400 From: Bill Fumerola <billf@chimesnet.com> To: William Wong <willwong@anime.ca> Cc: freebsd-security@freebsd.org Subject: Re: icmptypes Message-ID: <20000821173714.D57333@jade.chc-chimes.com> In-Reply-To: <003c01c00bb7$94783340$0300a8c0@anime.ca>; from willwong@anime.ca on Mon, Aug 21, 2000 at 05:34:25PM -0400 References: <Pine.LNX.3.95.1000821102609.7312A-100000@ux1.ibb.net> <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 21, 2000 at 05:34:25PM -0400, William Wong wrote:
> Thanks for the responses. I've got a somewhat follow up question.
> Instead of just dropping an icmp packet with say ipfw's deny rule, is there
> a "polite" way to deny the packet. To clarify, I want to send an equivalent
> of a "tcp reset" back, to let them know it's closed. Or is there no such
> thing as this for the icmp protocol? I'm not that familiar with this
> protocol as you can see.
Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude
of DoS related problems, but you're at least being a good neighbor....
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000821173714.D57333>