Date: Tue, 8 Jul 2003 13:13:39 +0200 From: Socketd <db@traceroute.dk> To: Terry Lambert <tlambert2@mindspring.com>, hackers@freebsd.org Subject: Re: 5 "Advanced" networking questions Message-ID: <20030708131339.16da151f.db@traceroute.dk> In-Reply-To: <3F0A9A1C.25E6EB35@mindspring.com> References: <20030707012205.3103dfc8.db@traceroute.dk> <20030707153314.GA1695@webboy.soth.at> <20030707180252.44036c61.db@traceroute.dk> <3F0A9A1C.25E6EB35@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 08 Jul 2003 03:17:00 -0700 Terry Lambert <tlambert2@mindspring.com> wrote: > Socketd wrote: > > Ok, anyway to prevent sending ICMP's when ttl = 0? Or do I need a > > firewall? > > I guess you want to do this so that you can break path MTU > discovery and fail to properly exchange packets with the DF > bit set in the headers, and which don't take into account > intermediate links with smaller MTUs, like VPNs or PPPOE > links? > > What exactly are you getting from disabling ICMP, besides a > broken network connection to some systems you may wish to be > able to exchange packets with? I don't want to disable ICMP, just don't want to respond when ttl=0, meaning when my firewall/gateway is on a "traceroute path". br socketd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030708131339.16da151f.db>