Date: Mon, 18 Dec 2000 11:06:19 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Jesper Skriver <jesper@skriver.dk> Cc: security@freebsd.org Subject: Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h Message-ID: <200012181606.LAA20972@khavrinen.lcs.mit.edu> In-Reply-To: <20001217155826.A16170@skriver.dk> References: <20001217012007.A18038@citusc.usc.edu> <17340.977045052@critter> <20001217015414.A18302@citusc.usc.edu> <20001217155826.A16170@skriver.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 17 Dec 2000 15:58:26 +0100, Jesper Skriver <jesper@skriver.dk> said: > It solves problems when trying to connects to hosts behind packet > filters and/or firewalls, and I can add that Linux has this "feature" > enabled by default, atleast since kernel v2.0 which was the oldest box I > could find. I would suggest that these ICMP errors should be treated in the same way as net/host unreachable -- that is, recorded for the purposes of useful error reporting, but not acted upon immediately. 112[23] has its share of bugs. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012181606.LAA20972>