Re: Path MTU (was: RE:)
On 2005-01-19 Phil Dyer wrote:
> Ansgar -59cobalt- Wiechers said:
>>> Also applies to more than icmp. Wrong interface? -- drop.
>>
>> REJECT, not DROP.
>
> If I get a packet from the 'net that tries to tell me it's coming from
> an ip that is connected to me via a different interface than where it
> came in on[1], then I'm assuming spoofing and dropping it on the
> floor. I'm not going to REJECT and send an icmp port unreachable back.
You're right. Spoofed traffic may be dropped all the way, but with
broadcasts I would prefer to reject the packets.
Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
Reply to: