Re: Path MTU (was: RE:)

To: debian-firewall@lists.debian.org
Subject: Re: Path MTU (was: RE:)
From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>
Date: Fri, 21 Jan 2005 23:38:02 +0100
Message-id: <20050121233802.B31033@planetcobalt.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <41EE831F.7090200@cox.net>; from phil.dyer@cox.net on Wed, Jan 19, 2005 at 10:56:15AM -0500
References: <20050119012739.48122.qmail@web30508.mail.mud.yahoo.com> <41EDC23A.4080302@cox.net> <20050119163025.B20026@planetcobalt.net> <41EE831F.7090200@cox.net>

On 2005-01-19 Phil Dyer wrote:
> Ansgar -59cobalt- Wiechers said:
>>> Also applies to more than icmp. Wrong interface? -- drop.
>> 
>> REJECT, not DROP.
> 
> If I get a packet from the 'net that tries to tell me it's coming from
> an ip that is connected to me via a different interface than where it
> came in on[1], then I'm assuming spoofing and dropping it on the
> floor. I'm not going to REJECT and send an icmp port unreachable back.

You're right. Spoofed traffic may be dropped all the way, but with
broadcasts I would prefer to reject the packets.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

Reply to:

Follow-Ups:
- Re: Path MTU (was: RE:)
  - From: Bernd Eckenfels <lists@lina.inka.de>

References:
- Re: Path MTU (was: RE:)
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: Path MTU (was: RE:)
  - From: Phil Dyer <phil.dyer@cox.net>
- Re: Path MTU (was: RE:)
  - From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>
- Re: Path MTU (was: RE:)
  - From: Phil Dyer <phil.dyer@cox.net>

Prev by Date: Re: Path MTU (was: RE:)
Next by Date: Re: Path MTU (was: RE:)
Previous by thread: Re: Path MTU (was: RE:)
Next by thread: Re: Path MTU (was: RE:)
Index(es):
- Date
- Thread