From owner-freebsd-security Mon Aug 21 14:59:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from maildrop.velocet.net (maildrop.velocet.net [216.126.74.5])
    by hub.freebsd.org (Postfix) with ESMTP id 304F037B506
    for ; Mon, 21 Aug 2000 14:59:29 -0700 (PDT)
Received: from magus (anime.ca [204.138.55.45])
    by maildrop.velocet.net (Postfix) with SMTP id 391A978205;
    Mon, 21 Aug 2000 17:59:27 -0400 (EDT)
Message-ID: <006301c00bbb$13b9afa0$0300a8c0@anime.ca>
From: "William Wong"
To: "Bill Fumerola"
Cc:
References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> <20000821173714.D57333@jade.chc-chimes.com>
Subject: Re: icmptypes
Date: Mon, 21 Aug 2000 17:59:26 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi Bill,

I tried to "reset icmp" and it said that reset is only valid for tcp packets.
Would the polite way be to use some sort of "unreach" code?

Regards,

- Will

> > Instead of just dropping an icmp packet with say ipfw's deny rule, is there
> > a "polite" way to deny the packet. To clarify, I want to send an equivalent
> > of a "tcp reset" back, to let them know it's closed. Or is there no such
> > thing as this for the icmp protocol?
>
> Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude
> of DoS related problems, but you're at least being a good neighbor....