|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DoS, ICMP, proxies, SYNDefender
> Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate > router during routing flip process. For this reason some customer > prefer cut off this sort of ICMP - it would break running TCP connection. Understood, however the conditions to terminate the connection is not just as simple as UNREACHABLE. A few possible conditions: (1) UNREACHABLE && TCP_SYN_STATE (2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state VR, Tim - - - - - - - - - - - - - - - - -
|