List Archive: gentoo-security
* Roman Kennke <roman@...> 9. Jan 04
> > From the technical aspect, not answering a request is not the
> > right behaviour for a device conforming to RFCs.
> What about a compromise like this: In general allow RFC-compliant
> traffic, but tightly control REJECTs and some ICMP traffic with --limit
> and DROP the rest, this should help a lot against DoS (if this is at all
> possible with REJECTs).
You get my full acknowledgement for this. More generally, I would restate
that you MUST[1] behave in conformance with RFCs as long as your communication
partner does. If (s)he violates standards (say: repeatedly ignoring ICMP
errors), you MAY[1] leave standards for this host, too.
Can we reach this agreement?
Regards, Frank.
===footnote===
[1] in the way another RFC defines this word
--
Sigmentation fault
--
gentoo-security@g.o mailing list
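
The compromise quoted in the message above, sketched as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset in which refused traffic gets a rate-limited REJECT and the excess is dropped. The chain name RFC_REJECT, the open SSH port and the rate values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that answers refused
# traffic per RFC (REJECT) up to a rate limit and silently DROPs the excess.

valid_rate() {  # accept N/second, N/minute, N/hour or N/day
    case "$1" in
        *[!0-9]*/*|/*) return 1 ;;
        */second|*/minute|*/hour|*/day) return 0 ;;
        *) return 1 ;;
    esac
}

emit_rules() {  # usage: emit_rules RATE BURST
    rate=$1 burst=$2
    valid_rate "$rate" || { echo "bad rate: $rate" >&2; return 1; }
    case "$burst" in ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;; esac
    lim="-m limit --limit $rate --limit-burst $burst"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RFC_REJECT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumed example service: SSH is the only port opened here.
-A INPUT -p tcp --dport 22 -j ACCEPT
# Echo requests are answered within the rate, excess is dropped.
-A INPUT -p icmp --icmp-type echo-request $lim -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -j RFC_REJECT
# A rate-limited rule matches only while tokens remain; packets over
# the rate fall through to the final DROP.
-A RFC_REJECT -p tcp $lim -j REJECT --reject-with tcp-reset
-A RFC_REJECT -p udp $lim -j REJECT --reject-with icmp-port-unreachable
-A RFC_REJECT -j DROP
COMMIT
EOF
}

# Syntax-check without loading: emit_rules 10/second 20 | iptables-restore --test
```

The limit match keeps one token bucket per rule, shared by all sources; limiting each source separately needs the hashlimit match instead.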