Replying in a specific manner which may have been at one point the
proper and polite way for an IP stack to behave, often turns into a
method for abuse. Spoof a bunch of syn packets to a host you know
replies with a rst, and it sends all those extra packets to a victim
machine who never sent the syn packet in the first place. So that
machine sends back "port unreachables" and further clogs up their
network.

Add to that all the silly Microsoft products that either blatantly
ignore or just never bothered to read the appropriate RFC... For my
network, I opt to spew out as few replies to unwanted traffic as
possible. I've already got too many worms out there wasting my bandwidth
trying to infect me with the SQL Slammer or whatever the worm of the day
is. I'd rather not waste any more of my bandwidth telling them that they
can't connect here. They probably aren't even checking for an icmp
unreachable message back from me anyway.



On Thu, 2004-01-08 at 14:11, Paul de Vrieze wrote:
> On Thursday 08 January 2004 21:55, Oliver Schad wrote:
> > --------------[RFC 792 - INTERNET CONTROL MESSAGE PROTOCOL]---------
> > /
> >
> > | If, in the destination host, the IP module cannot deliver the
> > | datagram because the indicated protocol module or process port is
> > | not active, the destination host may send a destination
> > | unreachable message to the source host.
> >
> > \
> > ---------------------------------------------------------------
>
> May still means that it is not required, so technically not replying is not an
> error when looking only at this snippet.
>
> Paul
--
Scott Taylor - <scott@××××××××××××××××.net>

"Are you all right?" -Leela
"Ah, it's nothing a law suit won't cure." -Bender
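An added example, not part of Scott's message or the list thread: a small Python check, run over constructed packet records as seen at a network edge, that flags hosts receiving TCP RSTs from peers they never sent a SYN to (the reflected-RST pattern described above) and counts the ICMP port unreachables the flagged host sent back to those peers. The record layout, the addresses and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed packet records as seen at a network edge: (src, dst, proto, kind).
# "kind" is the TCP flag of interest or the ICMP message type.
SAMPLE_RECORDS = [
    ("198.51.100.7", "192.0.2.10", "TCP", "SYN"),    # our host opens a connection
    ("192.0.2.10", "198.51.100.7", "TCP", "RST"),    # closed port: a solicited RST
    ("203.0.113.1", "198.51.100.7", "TCP", "RST"),   # RSTs for SYNs we never sent
    ("203.0.113.1", "198.51.100.7", "TCP", "RST"),
    ("203.0.113.1", "198.51.100.7", "TCP", "RST"),
    ("203.0.113.2", "198.51.100.7", "TCP", "RST"),
    ("198.51.100.7", "203.0.113.1", "ICMP", "port-unreachable"),  # our reply traffic
    ("198.51.100.7", "203.0.113.1", "ICMP", "port-unreachable"),
]


def find_reflected_rsts(records, threshold=2):
    """Return {victim: {...}} for hosts that receive at least `threshold` TCP RSTs
    from peers they never sent a SYN to, with the reflectors involved and how
    many ICMP port unreachables the victim sent back to those reflectors."""
    syn_sent = set()                                      # (initiator, responder) pairs
    unsolicited = defaultdict(lambda: defaultdict(int))   # victim -> reflector -> count
    unreach_sent = defaultdict(int)                       # (src, dst) -> count
    for src, dst, proto, kind in records:
        if proto == "TCP" and kind == "SYN":
            syn_sent.add((src, dst))
        elif proto == "TCP" and kind == "RST":
            # A RST is solicited only if the receiver sent a SYN to its sender.
            if (dst, src) not in syn_sent:
                unsolicited[dst][src] += 1
        elif proto == "ICMP" and kind == "port-unreachable":
            unreach_sent[(src, dst)] += 1
    report = {}
    for victim, reflectors in unsolicited.items():
        total = sum(reflectors.values())
        if total < threshold:
            continue
        report[victim] = {
            "unsolicited_rsts": total,
            "reflectors": sorted(reflectors),
            "unreachables_sent": sum(unreach_sent[(victim, r)] for r in reflectors),
        }
    return report


if __name__ == "__main__":
    for victim, info in find_reflected_rsts(SAMPLE_RECORDS).items():
        print(victim, info)
```

A host that drops unwanted traffic silently, as the message advocates, would show "unreachables_sent" of 0 while the unsolicited RSTs still count against its inbound bandwidth.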