From owner-freebsd-net Tue Dec 21 2:33:41 1999
Delivered-To: freebsd-net@freebsd.org
Received: from relay.wplus.net (relay.wplus.net [195.131.52.179]) by hub.freebsd.org (Postfix) with ESMTP id C30691534F for ; Tue, 21 Dec 1999 02:33:37 -0800 (PST) (envelope-from dms@woland.wplus.net)
Received: from woland.wplus.net (woland.wplus.net [195.131.0.39]) by relay.wplus.net (8.9.1/8.9.1/wplus.2) with ESMTP id NAA68949; Tue, 21 Dec 1999 13:33:01 +0300 (MSK)
X-Real-To: net@FreeBSD.ORG
Received: (from dms@localhost) by woland.wplus.net (8.9.3/8.9.1/wplus.2) id NAA80977; Tue, 21 Dec 1999 13:33:35 +0300 (MSK)
Message-ID:
X-Mailer: XFMail 1.4.4 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <199912202252.OAA18142@rumi.usc.edu>
Date: Tue, 21 Dec 1999 13:33:35 +0300 (MSK)
From: Dmitry Samersoff
To: Pavlin Ivanov Radoslavov
Subject: RE: TTL and FreeBSD-3.4
Cc: net@FreeBSD.ORG
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 20-Dec-1999 Pavlin Ivanov Radoslavov wrote:
> I just got the announcement for the FreeBSD-3.4 release and
> something caught my attention:
>
> 1.2. SECURITY CHANGES
> ---------------------
>
> Support has been added for forwarding IP datagrams without inspecting or
> decreasing the TTL in order to make gateways and firewalls less visible
> and therefore less exposed to attacks.
> ======
>
> I understand the security concern and the motivations for adding
> this feature, but isn't forwarding IP datagrams without decreasing
> their TTL a violation of one of the requirements
> for the routers (e.g. RFC 1812, Section 5.2.1.2 (step 7) and 5.3.1)?
> By not following this requirement, there is great danger from
> looping packets infinitely, which could be much worse than
> someone discovering your gateway IP address.

IMHO, FreeBSD itself is dangerous enough, because all source is available ;-))

All such patches believe that I well know what I'm doing, and save my time
because I need not make such patches by hand.

--
Dmitry Samersoff, dms@wplus.net, ICQ:3161705
http://devnull.wplus.net
* There will come soft rains ...
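
Added example, not part of the original message and not FreeBSD's code: a small C model of the trade-off discussed in this thread, using a constructed `struct router` with a hypothetical `stealth` flag and constructed topologies. It goes slightly beyond the quoted concern: TTL-based probing does not reveal a router that skips the decrement, and a routing loop still terminates if any router in it decrements the TTL, but never terminates if none does.

```c
#include <stdio.h>
#define MAX_HOPS 1000  /* simulation cut-off standing in for "loops forever" */
/* Constructed model: router i hands the packet to net[i].next (-1 = delivered).
 * `stealth` is this example's own flag for "forward without touching the TTL". */
struct router { int next; int stealth; };

/* Constructed sample topologies; * marks a stealth router. */
static const struct router path[]        = { {1, 0}, {2, 1}, {-1, 0} }; /* 0 -> 1* -> 2 -> dst */
static const struct router loop_mixed[]  = { {1, 0}, {0, 1} };          /* 0 <-> 1*  */
static const struct router loop_hidden[] = { {1, 1}, {0, 1} };          /* 0* <-> 1* */

/* Forward from router `at`. Returns hops taken at delivery or TTL drop, or -1 if
 * still circulating after MAX_HOPS. *expired_at = router that dropped it, else -1. */
int forward(const struct router *net, int at, int ttl, int *expired_at)
{
    int hops = 0;
    *expired_at = -1;
    while (at != -1) {
        if (hops >= MAX_HOPS) return -1;
        if (!net[at].stealth) {
            if (ttl <= 1) { *expired_at = at; return hops; } /* TTL would hit 0: drop */
            ttl--;
        }
        at = net[at].next;
        hops++;
    }
    return hops;
}

/* Traceroute-style probes with TTL 1..n from router 0; seen[i] = 1 if router i
 * dropped a probe on TTL expiry and so revealed itself. Returns routers seen. */
int visible_routers(const struct router *net, int n, int *seen)
{
    int count = 0, who;
    for (int i = 0; i < n; i++) seen[i] = 0;
    for (int ttl = 1; ttl <= n; ttl++) {
        forward(net, 0, ttl, &who);
        if (who >= 0 && !seen[who]) { seen[who] = 1; count++; }
    }
    return count;
}

int main(void)
{
    int seen[3], who;
    printf("routers visible on path: %d of 3\n", visible_routers(path, 3, seen));
    printf("mixed loop, TTL 64: dropped after %d hops\n", forward(loop_mixed, 0, 64, &who));
    printf("all-stealth loop, TTL 64: %d (-1 = never dropped)\n", forward(loop_hidden, 0, 64, &who));
    return 0;
}
```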