Date: Mon, 21 Aug 2000 17:59:26 -0400 From: "William Wong" <willwong@anime.ca> To: "Bill Fumerola" <billf@chimesnet.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: icmptypes Message-ID: <006301c00bbb$13b9afa0$0300a8c0@anime.ca> References: <Pine.LNX.3.95.1000821102609.7312A-100000@ux1.ibb.net> <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> <20000821173714.D57333@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Bill, I tried to "reset icmp" and it said that reset it only valid for tcp packets. Would the polite way be to use some sort of "unreach" code? Regards, - Will > > Instead of just dropping an icmp packet with say ipfw's deny rule, is there > > a "polite" way to deny the packet. To clarify, I want to send an equivalent > > of a "tcp reset" back, to let them know it's closed. Or is there no such > > thing as this for the icmp protocol? > > Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude > of DoS related problems, but you're at least being a good neighbor.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006301c00bbb$13b9afa0$0300a8c0>