From owner-freebsd-net Wed Dec 22 0:41:29 1999
Delivered-To: freebsd-net@freebsd.org
Received: from databus.databus.com (databus.databus.com [198.186.154.34]) by hub.freebsd.org (Postfix) with SMTP id E4FBA14FA2 for ; Wed, 22 Dec 1999 00:41:23 -0800 (PST) (envelope-from barney@databus.databus.com)
From: Barney Wolff
To: freebsd-net@freebsd.org
Date: Wed, 22 Dec 1999 03:37 EST
Subject: Re: TTL and FreeBSD-3.4
Content-Length: 1483
Content-Type: text/plain
Message-ID: <38608dcf0.5bdf@databus.databus.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Did you not see the line

>	ip->ip_ttl -= IPTTLDEC;

which is skipped when stealth is on?  Looks like decrementing the ttl,
to me.  But a bridge (aka switch, these days) doesn't do it either.
It's safe iff two stealthed devices are never directly connected to
each other.

Barney Wolff

> Date: Wed, 22 Dec 1999 00:04:22 -0800
> From: Pavlin Ivanov Radoslavov
>
> However, IPSTEALTH matters only in the following code (in
> netinet/ip_input.c):
>
> #ifdef IPSTEALTH
>         if (!ipstealth) {
> #endif
>                 if (ip->ip_ttl <= IPTTLDEC) {
>                         icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS,
>                             dest, 0);
>                         return;
>                 }
>                 ip->ip_ttl -= IPTTLDEC;
> #ifdef IPSTEALTH
>         }
> #endif
>
> So, IPSTEALTH can be used to configure a router such that it will
> not respond by ICMP "TTL Exceeded" if the ttl of the IP data packet
> is <= 1, and therefore it will be invisible to traceroute. This is
> completely different from the explanation in the LINT and from the
> text in the original announcement, and is quite harmless, unlike the
> "stealth forwarding" described there.
>
> Is this all that IPSTEALTH and "stealth forwarding" is about, or is
> there something more?
> If this is all, then probably the explanation text in LINT should be
> fixed, otherwise it may scare other people as well :)
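As an added illustration, not code from the thread or from the FreeBSD tree, here is a small C model of the quoted ip_input.c branch together with Barney's point about directly connected stealthed devices: the ring-of-routers simulation, the stealth bitmask and the ipstealth flag are constructs of this example, and IPTTLDEC is taken as 1, the value FreeBSD uses.

```c
#include <stdio.h>

#define IPTTLDEC 1   /* amount subtracted from ip_ttl per forwarding hop (FreeBSD value) */

enum fwd_action { FWD_FORWARD, FWD_ICMP_TIMXCEED };

/* Mirrors the TTL handling quoted from netinet/ip_input.c: when ipstealth is
 * set, the packet is forwarded untouched and no ICMP time-exceeded is sent,
 * so a traceroute probe with TTL 1 passes through this hop unanswered. */
enum fwd_action ttl_check(unsigned char *ttl, int ipstealth)
{
    if (!ipstealth) {
        if (*ttl <= IPTTLDEC)
            return FWD_ICMP_TIMXCEED;   /* icmp_error(ICMP_TIMXCEED_INTRANS) */
        *ttl -= IPTTLDEC;
    }
    return FWD_FORWARD;
}

/* Constructed scenario: a packet circulating around a ring of nrouters
 * routers; bit i of stealth_mask means router i has ipstealth enabled.
 * Returns the hop at which the packet is dropped, or -1 if it is still
 * circulating after max_hops, i.e. TTL can no longer terminate the loop. */
int ring_hops(unsigned char ttl, unsigned stealth_mask, int nrouters, int max_hops)
{
    for (int hop = 1; hop <= max_hops; hop++) {
        int router = (hop - 1) % nrouters;
        int stealth = (stealth_mask >> router) & 1;
        if (ttl_check(&ttl, stealth) == FWD_ICMP_TIMXCEED)
            return hop;
    }
    return -1;
}

int main(void)
{
    /* Two routers forwarding to each other; TTL 64 on entry. */
    printf("no stealth:   dropped after %d hops\n", ring_hops(64, 0x0, 2, 1000));
    printf("one stealth:  dropped after %d hops\n", ring_hops(64, 0x1, 2, 1000));
    printf("both stealth: %d (never dropped; loop runs forever)\n",
           ring_hops(64, 0x3, 2, 1000));
    return 0;
}
```

With one stealthed router in the pair the loop still ends, just after twice as many hops; with both stealthed nothing decrements the TTL and the packet circulates until the link saturates, which is the condition Barney's "iff" rules out.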