|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DoS, ICMP, proxies, SYNDefender
>From: Tim Bass <[email protected]> > >> Tim, unfortunately ICMP UNREACHABLE can be sent some intermediate >> router during routing flip process. For this reason some customer >> prefer cut off this sort of ICMP - it would break running TCP connection. > >Understood, however the conditions to terminate the connection >is not just as simple as UNREACHABLE. A few possible conditions: >(1) UNREACHABLE && TCP_SYN_STATE >(2) UNREACHABLE && TCP_SYN_STATE && sk->time_in_state I am not shure that it is in _ALL_ host types. Experience gave me that some time I had problem with uninterraptable service up to I configure router to cut off ICMP UNREACHABLE from outside. - Leonid Yegoshin, LY22 - - - - - - - - - - - - - - - - -
|