DoS, ICMP, proxies, SYNDefender
Tim Bass
bass at linux.silkroad.com
Thu Oct 3 21:58:28 UTC 1996
> Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate
> router during routing flip process. For this reason some customer
> prefer cut off this sort of ICMP - it would break running TCP connection.
Understood, however the conditions to terminate the connection
is not just as simple as UNREACHABLE. A few possible conditions:
(1) UNREACHABLE && TCP_SYN_STATE
(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state
VR,
Tim
More information about the NANOG
mailing list