From owner-freebsd-net Mon Dec 20 14:52:12 1999
Delivered-To: freebsd-net@freebsd.org
Received: from catarina.usc.edu (catarina.usc.edu [128.125.51.47]) by hub.freebsd.org (Postfix) with ESMTP id E51A815276 for ; Mon, 20 Dec 1999 14:52:09 -0800 (PST) (envelope-from pavlin@catarina.usc.edu)
Received: from rumi.usc.edu (rumi.usc.edu [128.125.51.41]) by catarina.usc.edu (8.9.3/8.9.3) with ESMTP id OAA22387; Mon, 20 Dec 1999 14:52:08 -0800 (PST)
Received: from rumi (localhost [127.0.0.1]) by rumi.usc.edu (8.9.3/8.9.3) with ESMTP id OAA18142; Mon, 20 Dec 1999 14:52:15 -0800 (PST)
Message-Id: <199912202252.OAA18142@rumi.usc.edu>
To: net@freebsd.org
Cc: pavlin@catarina.usc.edu
Subject: TTL and FreeBSD-3.4
Date: Mon, 20 Dec 1999 14:52:15 -0800
From: Pavlin Ivanov Radoslavov
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I just got the announcement for the FreeBSD-3.4 release and something
caught my attention:

  1.2. SECURITY CHANGES
  ---------------------
  Support has been added for forwarding IP datagrams without inspecting
  or decreasing the TTL in order to make gateways and firewalls less
  visible and therefore less exposed to attacks.
======

I understand the security concern and the motivations for adding this
feature, but isn't forwarding IP datagrams without decreasing their TTL
a violation of one of the requirements for routers (e.g. RFC 1812,
Section 5.2.1.2 (step 7) and 5.3.1)? By not following this requirement,
there is great danger of looping packets infinitely, which could be much
worse than someone discovering your gateway IP address.

Thanks,
Pavlin

P.S. I am not on the mailing list.
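The loop risk raised in the post can be made concrete with a small forwarding simulation. This is an added example, not code from the original message or from FreeBSD: the router names, the two route tables and the step cap are constructed. It walks one datagram hop by hop through a sane path and through a path with a stale route that points back to an earlier router, once with the RFC 1812 decrement-and-discard rule and once with TTL left untouched, and reports how each run ends.

```python
"""Why RFC 1812 makes routers decrement TTL: a toy forwarding simulation.

Added example, not part of the original mailing-list post. The topology
and route tables below are constructed for illustration only.
"""

# Constructed topologies. Each table maps a router to its next hop for the
# destination "host". LOOP_ROUTES models a stale route: r3 still points
# back at r2, so r2 -> r3 -> r2 -> ... never reaches the destination.
GOOD_ROUTES = {"r1": "r2", "r2": "r3", "r3": "host"}
LOOP_ROUTES = {"r1": "r2", "r2": "r3", "r3": "r2"}

MAX_STEPS = 10_000  # safety cap so a non-terminating loop cannot hang the demo


def forward(ttl, routes, decrement_ttl=True, max_steps=MAX_STEPS):
    """Simulate hop-by-hop forwarding of one datagram with initial TTL `ttl`.

    Returns (outcome, hops_forwarded), where outcome is one of:
      'delivered'   - the datagram reached "host"
      'ttl_expired' - a router decremented TTL to 0 and discarded the
                      datagram instead of forwarding it (RFC 1812
                      5.2.1.2 step 7 / 5.3.1; a real router would also
                      send ICMP Time Exceeded back to the source)
      'runaway'     - max_steps exceeded with the datagram still circulating,
                      i.e. nothing in the network bounds its lifetime
    """
    node = "r1"
    hops = 0
    while hops < max_steps:
        if node == "host":
            return "delivered", hops
        if decrement_ttl:
            # RFC 1812 forwarding rule: decrement first; if the result is
            # zero, discard rather than forward.
            ttl -= 1
            if ttl <= 0:
                return "ttl_expired", hops
        node = routes[node]
        hops += 1
    return "runaway", hops


def compare(ttl=64):
    """Run all four combinations and return their outcomes keyed by name."""
    return {
        "good path, decrement":    forward(ttl, GOOD_ROUTES, decrement_ttl=True),
        "good path, no decrement": forward(ttl, GOOD_ROUTES, decrement_ttl=False),
        "loop, decrement":         forward(ttl, LOOP_ROUTES, decrement_ttl=True),
        "loop, no decrement":      forward(ttl, LOOP_ROUTES, decrement_ttl=False),
    }


if __name__ == "__main__":
    for name, (outcome, hops) in compare().items():
        print(f"{name:26s} -> {outcome:12s} after {hops} forwarded hops")
```

On a loop-free path the two modes are indistinguishable from the destination's point of view, which is exactly why a single stealth hop looks harmless. On the looping path, the decrementing routers discard the datagram once the initial TTL (64 here) is used up, whereas with no router decrementing the datagram circulates until the artificial step cap stops the simulation. In a real network there is no such cap: the datagram keeps consuming bandwidth and CPU on every router in the loop until the loop is repaired, and every further packet to that destination piles on. A practical consequence for anyone enabling such a feature is to restrict it to a device that can never be a transit hop in a loop, and to keep an eye on counters for forwarded packets and ICMP Time Exceeded messages, since a sudden absence of TTL expiry on a box that is looping traffic is itself the symptom.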