Date: Mon, 20 Nov 2000 06:31:06 +0100 (CET) From: "Scumley O'Fluffigan" <FLUFFIE@FREE-PR0N.NETSCUM.DK> To: hackers@freebsd.org Subject: Re: React to ICMP administratively prohibited ? Message-ID: <Pine.BSF.3.96.1001120061924.16503D-100000@ME0WVAX.INT.TELE.DK> In-Reply-To: <fa.ij2s57v.i7oi1p@ifi.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 Nov 2000, Alfred Perlstein wrote: > > This timeout could be avoided if the sending mail server reacted to the > > 'ICMP administratively prohibited' they got from our router. > > > > $ telnet nemo.dyndns.dk 25 > > Trying 193.89.247.125... > > telnet: Unable to connect to remote host: No route to host > > $ uname -a > > Linux xyz.dk 2.0.32 #1 Wed Nov 19 00:46:45 EST 1997 i586 unknown > > > > Wouldn't it be a idea to implement a similar behaviour in FreeBSD ? > > Probably not, what if one started a stream of spoofed ICMP lying > about the state of the route between the two machines? I have > the impression that the Linux box wouldn't be able to connect > because of this behavior. I wouldn't be surprised if this was introduced to linux because of the ridiculously long timeouts they have for connections to ports other than 23, or at least, used to have back when I experienced them. Eliminating this wait for a timeout would shave maybe a minute off delivery time for most OSen, except for b0rken mailers that will always try to deliver to the firewalled MX machine instead of the lower-priority backups. Not that those will concern me at all. It's more of a relatively minor inconvenience that the primary MX machine isn't reachable for the world any more... I did work some ten years ago through terminal access um, devices that did react to ICMP messages received in the middle of an already established connection. Very annoying. You don't want to do this. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1001120061924.16503D-100000>