
Re: Path MTU (was: RE:)



--- Phil Dyer <phil.dyer@cox.net> wrote:

> Bernd Eckenfels wrote:
> > On Fri, Jan 21, 2005 at 11:38:02PM +0100, Ansgar -59cobalt- Wiechers wrote:
> >> You're right. Spoofed traffic may be dropped all the way, but with
> >> broadcasts I would prefer to reject the packets.
> > 
> > If it is an amplifier attack, then sending back packets will hit the
> > victim (less hard). I guess it's safe to assume hostile intent in ingress
> > broadcasts, at least when it is "obvious" broadcast to class-borders like /24.
> > 
> > Greetings
> > Bernd
> > 
> > 
> 
> My point is: how do you send packets back to the sender if the packet
> came in on a connected interface that does not host the network that it
The packet came in. There should be a MAC (Ethernet) address that it came
from.

> says? As a simplistic example, if a packet comes from the external
> internet and says it's coming from an ip on my internal net, how will my
> server route the return packet? It won't. My server's ip stack will try
The first router that sees this needs to be the one to send the reply,
else you will get a loop. Best to keep the original packet's TTL--.

> to send the return packet out my internal interface and will never get
> there. Where ever *there* is. This includes broadcast, multicast,
> everything. Drop it. Stop trying. Bit bucket.
After some bit banging, worst case.

> 
> 
> In addition, I'm not talking about special circumstances like an ISP
> routing traffic from AS to AS where strange traffic must be forwarded.
> I'm talking about stub networks. This is debian-firewall, not nanog. For
> a stub net, I'm dropping all broadcast traffic. I shouldn't get it from
> my isp's router that connects me to the net, and I shouldn't get it from
> anyone else (legitimately) either.
> 
> Name me some broadcast traffic that a stub net receives that is anything
> more than noise from netbios, or dhcp  or similar.
> 
> -- 
> 
> +==========================
> + Phil Dyer
> + email: phil.dyer@cox.net
> +==========================
> 
> 
> 



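The thread's argument (a spoofed source cannot be answered because the reply would leave on a different interface than the packet arrived on, and replying to ingress broadcasts only amplifies traffic toward whoever the source claims to be) can be written down as a small ingress-filter decision function. The following is an added example, not code from this thread or from any of its participants; the interface names, prefixes and routing table are constructed placeholders for a two-interface stub-network box (eth0 toward the ISP, eth1 hosting the LAN), and the packets fed to it are made up.

```python
"""Ingress-filter decision logic for a stub network (added example, not from the thread).

Assumed layout: eth0 faces the ISP with a small public /29, eth1 hosts the
internal LAN. Both are constructed placeholders.
"""
import ipaddress

# Constructed stub-network layout (assumption, not from the thread).
INTERFACES = {
    "eth0": ipaddress.ip_network("203.0.113.8/29"),   # external, toward the ISP
    "eth1": ipaddress.ip_network("192.168.1.0/24"),   # internal LAN
}
DEFAULT_ROUTE_IFACE = "eth0"   # everything not directly connected goes to the ISP


def return_interface(dst: str) -> str:
    """Longest-prefix route lookup: which interface would a reply to `dst` leave on?"""
    addr = ipaddress.ip_address(dst)
    best = None
    for iface, net in INTERFACES.items():
        if addr in net and (best is None or net.prefixlen > INTERFACES[best].prefixlen):
            best = iface
    return best or DEFAULT_ROUTE_IFACE


def is_broadcast(dst: str) -> bool:
    """Limited broadcast, the broadcast address of one of our own subnets, or an
    'obvious' directed broadcast to a /24 class border (x.y.z.255)."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    if any(addr == net.broadcast_address for net in INTERFACES.values()):
        return True
    return addr.packed[-1] == 255


def classify_ingress(iface: str, src: str, dst: str) -> tuple:
    """Return (verdict, reason) for a packet that arrived on `iface`.

    verdict is 'drop' or 'accept'. The function never returns 'reject': an ICMP
    error would be routed toward the claimed source, i.e. out the wrong
    interface (never reaching the real sender) or toward a spoofing victim.
    """
    src_addr = ipaddress.ip_address(src)

    # Addresses that can never legitimately be the *source* of a packet.
    if src_addr.is_multicast or src_addr == ipaddress.ip_address("255.255.255.255"):
        return "drop", "multicast/broadcast source address"

    # Anti-spoofing (reverse-path check): if the reply would leave on a
    # different interface than the packet came in on, the sender is not
    # reachable via the path it claims and the packet is noise at best.
    reply_iface = return_interface(src)
    if reply_iface != iface:
        return "drop", f"spoofed source: reply would route via {reply_iface}, not {iface}"

    # A stub network has no legitimate reason to receive external broadcasts,
    # and answering them would amplify traffic toward whoever `src` claims to be.
    if iface == DEFAULT_ROUTE_IFACE and is_broadcast(dst):
        return "drop", "ingress broadcast on external interface"

    return "accept", "source reachable via ingress interface"


if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source, destination).
    samples = [
        ("eth0", "198.51.100.7", "203.0.113.10"),   # ordinary inbound from the Internet
        ("eth0", "192.168.1.50", "203.0.113.10"),   # claims to be from our own LAN
        ("eth0", "198.51.100.7", "203.0.113.255"),  # directed broadcast at a /24 border
        ("eth0", "224.0.0.1", "203.0.113.10"),      # multicast source address
        ("eth1", "192.168.1.50", "198.51.100.7"),   # LAN host talking outward
        ("eth1", "198.51.100.7", "192.168.1.1"),    # LAN host spoofing an outside address
    ]
    for iface, src, dst in samples:
        verdict, reason = classify_ingress(iface, src, dst)
        print(f"{iface:5} {src:>15} -> {dst:<15} {verdict:6} ({reason})")
```

Every verdict is `drop` rather than `reject` for the reason the thread gives: a reply to a spoofed or broadcast source either cannot be routed back the way the packet came or lands on the victim. The same reverse-path check applies in both directions, so a LAN host that forges an outside address on eth1 is silently dropped too.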


