| 1 |
Replying in a specific manner which may have been at one point the |
| 2 |
proper and polite way for an IP stack to behave, often turns into a |
| 3 |
method for abuse. Spoof a bunch of syn packets to a host you know |
| 4 |
replies with a rst, and it sends all those extra packets to a victim |
| 5 |
machine who never sent the syn packet in the first place. So that |
| 6 |
machine sends back "port unreachables" and further clogs up their |
| 7 |
network. |
| 8 |
|
| 9 |
Add to that all the silly microsoft products that either blatantly |
| 10 |
ignore or just never bothered to read the appropriate RFC... For my |
| 11 |
network, I opt to spew out as few replies to unwanted traffic as |
| 12 |
possible. I've already got too many worms out there wasting my bandwidth |
| 13 |
trying to infect me with the sql slammer or whatever the worm of the day |
| 14 |
is. I'd rather not waste any more of my bandwidth telling them that they |
| 15 |
can't connect here. They probably aren't even checking for an icmp |
| 16 |
unreachable message back from me anyway. |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
On Thu, 2004-01-08 at 14:11, Paul de Vrieze wrote: |
| 21 |
> On Thursday 08 January 2004 21:55, Oliver Schad wrote: |
| 22 |
> > --------------[RFC 792 - INTERNET CONTROL MESSAGE PROTOCOL]--------- |
| 23 |
> > / |
| 24 |
> > |
| 25 |
> > | If, in the destination host, the IP module cannot deliver the |
| 26 |
> > | datagram because the indicated protocol module or process port is |
| 27 |
> > | not active, the destination host may send a destination |
| 28 |
> > | unreachable message to the source host. |
| 29 |
> > |
| 30 |
> > \ |
| 31 |
> > --------------------------------------------------------------- |
| 32 |
> |
| 33 |
> May still means that it is not required, so technically not replying is not an |
| 34 |
> error when looking only at this snippet. |
| 35 |
> |
| 36 |
> Paul |
| 37 |
-- |
| 38 |
Scott Taylor - <scott@××××××××××××××××.net> |
| 39 |
|
| 40 |
"Are you all right?" -Leela |
| 41 |
"Ah, it's nothing a a law suit won't cure." -Bender |
Archives