Re: Path MTU (was: RE:)

To: debian-firewall@lists.debian.org
Subject: Re: Path MTU (was: RE:)
From: Phil Dyer <phil.dyer@cox.net>
Date: Wed, 19 Jan 2005 10:56:15 -0500
Message-id: <41EE831F.7090200@cox.net>
In-reply-to: <20050119163025.B20026@planetcobalt.net>
References: <20050119012739.48122.qmail@web30508.mail.mud.yahoo.com> <41EDC23A.4080302@cox.net> <20050119163025.B20026@planetcobalt.net>

Ansgar -59cobalt- Wiechers said:
>> Also applies to more than icmp. Wrong interface? -- drop.
> 
> REJECT, not DROP.
> 
If I get a packet from the 'net that tries to tell me it's coming from
an ip that is connected to me via a different interface than where it
came in on[1], then I'm assuming spoofing and dropping it on the floor.
I'm not going to REJECT and send an icmp port unreachable back. Anyway,
if I can't figure out what interface to send it out on, the packet is
not going to get to the destination anyway.

[1] Assuming there is no asynchronous routing going on.

/phil

Reply to:

Follow-Ups:
- Re: Path MTU (was: RE:)
  - From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>

References:
- Re: Path MTU (was: RE:)
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: Path MTU (was: RE:)
  - From: Phil Dyer <phil.dyer@cox.net>
- Re: Path MTU (was: RE:)
  - From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>

Prev by Date: Re: Path MTU (was: RE:)
Next by Date: Duvida !!! porta 1027
Previous by thread: Re: Path MTU (was: RE:)
Next by thread: Re: Path MTU (was: RE:)
Index(es):
- Date
- Thread