Re: Off Topic: iptables, ping, traceroute

To: debian-user@lists.debian.org
Subject: Re: Off Topic: iptables, ping, traceroute
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Mon, 16 Jul 2001 20:33:41 -0300
Message-id: <[🔎] 20010716203341.C30940@godzillah>
In-reply-to: <[🔎] 20010716171143.B32254@kitenet.net>; from joey@kitenet.net on Mon, Jul 16, 2001 at 05:11:43PM -0400
References: <[🔎] 20010716143029.B4303@bodach.org> <[🔎] 20010716171143.B32254@kitenet.net>

On Mon, 16 Jul 2001, Joey Hess wrote:
> As an only marginally related question, does anyone know of a good way
> to configure a linux system to refuse all connections to any system that
> is brokenly not responding to ICMP packets?

Hmm... very, very nice idea.

I suppose a modified version of the syncookies support, which instead of
syncooking, requires a ping reply (sent upon ACKing the SYN packet) with the
cookie to establish the connection would do it.  

Of course, anyone using this and not enforcing ECN is not making any sense
;)

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Off Topic: iptables, ping, traceroute
  - From: William Jensen <jensenb@bodach.org>
- Re: Off Topic: iptables, ping, traceroute
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: Kernel upgrade
Next by Date: Re: But ....
Previous by thread: Re: Off Topic: iptables, ping, traceroute
Next by thread: Re: Off Topic: iptables, ping, traceroute
Index(es):
- Date
- Thread