Date: Tue, 21 Dec 1999 13:33:35 +0300 (MSK)
From: Dmitry Samersoff <dms@wplus.net>
To: Pavlin Ivanov Radoslavov <pavlin@catarina.usc.edu>
Cc: net@FreeBSD.ORG
Subject: RE: TTL and FreeBSD-3.4
Message-ID: <XFMail.19991221133335.dms@wplus.net>
In-Reply-To: <199912202252.OAA18142@rumi.usc.edu>
On 20-Dec-1999 Pavlin Ivanov Radoslavov wrote:
> I just got the announcement for the FreeBSD-3.4 release and
> something caught my attention:
>
> 1.2. SECURITY CHANGES
> ---------------------
> <del>
> Support has been added for forwarding IP datagrams without
> inspecting or decreasing the TTL in order to make gateways and
> firewalls less visible and therefore less exposed to attacks.
> ======
>
> I understand the security concern and the motivations for adding
> this feature, but isn't forwarding IP datagrams without decreasing
> their TTL a violation of one of the requirements
> for the routers (e.g. RFC 1812, Section 5.2.1.2 (step 7) and 5.3.1)?
> By not following this requirement, there is great danger from
> looping packets infinitely, which could be much worse than
> someone discovering your gateway IP address.

IMHO, FreeBSD itself is dangerous enough, because all source is available ;-))

All such patches believe that I know well what I'm doing, and save my time because I need not make such patches by hand.

--
Dmitry Samersoff, dms@wplus.net, ICQ:3161705
http://devnull.wplus.net
* There will come soft rains ...
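The loop hazard raised in the quoted question, shown with a small forwarding simulation added here (not code from the thread or from FreeBSD): two routers whose routes for one prefix point at each other, a constructed misconfiguration, forwarded once with the RFC 1812 behaviour (decrement TTL, discard at zero) and once with TTL left untouched as the 3.4 release note describes. The router names, prefixes and the hop cap are assumptions of the example.

```python
import ipaddress

# Constructed topology: a deliberately misconfigured router pair. Each
# router's route for 10.9.0.0/16 points at the other, so packets for that
# prefix bounce between r1 and r2. 192.0.2.0/24 is reachable via r1.
ROUTES = {
    "r1": [("10.9.0.0/16", "r2"), ("192.0.2.0/24", "host")],
    "r2": [("10.9.0.0/16", "r1"), ("192.0.2.0/24", "r1")],
}


def next_hop(router, dst):
    """Longest-prefix lookup is not needed here: first matching route wins."""
    addr = ipaddress.ip_address(dst)
    for prefix, hop in ROUTES[router]:
        if addr in ipaddress.ip_network(prefix):
            return hop
    return None  # no route: the router discards the datagram


def forward(dst, ttl, first_hop="r1", decrement_ttl=True, max_hops=1000):
    """Simulate forwarding one datagram. Returns (outcome, routers_traversed).

    max_hops only bounds the simulation; a real network has no such guard,
    which is exactly why RFC 1812 relies on the TTL to break loops.
    """
    router, hops = first_hop, 0
    while hops < max_hops:
        hops += 1  # this router is processing the datagram
        if decrement_ttl:
            # RFC 1812 5.2.1.2 step 7 / 5.3.1: decrement; if zero, discard
            # and send ICMP Time Exceeded instead of forwarding.
            ttl -= 1
            if ttl == 0:
                return "ttl_exceeded", hops
        hop = next_hop(router, dst)
        if hop is None:
            return "unreachable", hops
        if hop == "host":
            return "delivered", hops
        router = hop
    return "still_looping", hops  # only the simulation cap stopped it


if __name__ == "__main__":
    print("RFC 1812 forwarding:", forward("10.9.0.5", 64))
    print("TTL untouched:      ", forward("10.9.0.5", 64, decrement_ttl=False))
```

With the RFC behaviour the looping datagram dies after 64 routers; with the TTL untouched it circulates until the simulation cap, and on real hardware until a link or process is overloaded.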