> On Sun, Dec 23, 2001 at 02:29:14AM +0300, Maxim Konovalov wrote:
>>
>> On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote:
>>
>> > I made a patch that adds the "stealthy IP options feature".
>> > Honestly, now I'm afraid it's "much ado about nothing", given how
>> > clumsy solution is needed for s
On Sun, Dec 23, 2001 at 02:29:14AM +0300, Maxim Konovalov wrote:
>
> On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote:
>
> > I made a patch that adds the "stealthy IP options feature".
> > Honestly, now I'm afraid it's "much ado about nothing", given how
> > clumsy solution is needed for such a sma
Hello,
On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote:
> On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> > On 19:49+0300, Dec 19, 2001, Yar Tikhiy wrote:
> >
> > > As for source routing, I believe a stealthy router should just drop
> > > such packets as though it were a host.
Hi, Yar,
On 19:12+0300, Dec 21, 2001, Yar Tikhiy wrote:
> On Thu, Dec 20, 2001 at 01:24:48AM +0300, Maxim Konovalov wrote:
> >
> > > Neither RFC 791 nor RFC 1122 nor RFC 1812 specify the following:
> > > if a source-routed IP packet reachs the end of its route, but its
> > > destination address
On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> On 19:49+0300, Dec 19, 2001, Yar Tikhiy wrote:
>
> > As for source routing, I believe a stealthy router should just drop
> > such packets as though it were a host. Of course, source-routed
> > packets destined for the router itse
On Thu, Dec 20, 2001 at 01:24:48AM +0300, Maxim Konovalov wrote:
>
> > Neither RFC 791 nor RFC 1122 nor RFC 1812 specify the following:
> > if a source-routed IP packet reachs the end of its route, but its
> > destination address doesn't match a current host/router, whether
> > the packet should
On Thu, Dec 20, 2001 at 12:50:39AM +0300, Yar Tikhiy wrote:
>
> Source routing itself is a Bad Thing, as is TELNET or rlogin.
Telnet with Kerberos or other security options can be a fine thing.
--
Ben
"An art scene of delight
I created this to be ..." -- Sun Ra
To Unsubscribe:
Morning,
On 00:35+0300, Dec 20, 2001, Yar Tikhiy wrote:
> On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> >
> > By the way, is it correct to forward the packet with incorrect ip
> > options? Now we do not.
>
> No RFC seems to specify that particularly. However, RFC 1812 read
On Wed, Dec 19, 2001 at 10:32:42PM +0100, Wilko Bulte wrote:
> >
> > First of all we should decide what IPSTEALTH is for. Is it just a
> > Ruslan's net.inet.ip.decttl or it should really stealth the fact of
> > the routing? If the latter how do we behave in source routing case?
>
> I would assum
On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
>
> By the way, is it correct to forward the packet with incorrect ip
> options? Now we do not.
No RFC seems to specify that particularly. However, RFC 1812 reads
in general:
(1) A router MUST verify the IP header, as describe
On Wed, Dec 19, 2001 at 07:23:55PM +0300, Maxim Konovalov wrote:
>
> Hello Yar,
>
> On 18:19+0300, Dec 19, 2001, Yar Tikhiy wrote:
>
> > Hi there,
> >
> > I ran into an absolutely clear, but year-old PR pointing out that
> > a router in the IPSTEALTH mode will reveal itself when processing
> >
On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> On 19:49+0300, Dec 19, 2001, Yar Tikhiy wrote:
>
> > On Wed, Dec 19, 2001 at 07:23:55PM +0300, Maxim Konovalov wrote:
> > >
> > > > I ran into an absolutely clear, but year-old PR pointing out that
> > > > a router in the IPSTEALT
On 19:49+0300, Dec 19, 2001, Yar Tikhiy wrote:
> On Wed, Dec 19, 2001 at 07:23:55PM +0300, Maxim Konovalov wrote:
> >
> > > I ran into an absolutely clear, but year-old PR pointing out that
> > > a router in the IPSTEALTH mode will reveal itself when processing
> > > IP options: kern/23123.
> > >
On Wed, Dec 19, 2001 at 05:33:13PM +0200, Ruslan Ermilov wrote:
> On Wed, Dec 19, 2001 at 06:19:29PM +0300, Yar Tikhiy wrote:
> >
> > I ran into an absolutely clear, but year-old PR pointing out that
> > a router in the IPSTEALTH mode will reveal itself when processing
> > IP options: kern/23123.
On Wed, Dec 19, 2001 at 07:23:55PM +0300, Maxim Konovalov wrote:
>
> > I ran into an absolutely clear, but year-old PR pointing out that
> > a router in the IPSTEALTH mode will reveal itself when processing
> > IP options: kern/23123.
> >
> > The fix proposed seems clean and right to me: don't do
On Wed, Dec 19, 2001 at 07:23:55PM +0300, Maxim Konovalov wrote:
>
> Hello Yar,
>
> On 18:19+0300, Dec 19, 2001, Yar Tikhiy wrote:
>
> > Hi there,
> >
> > I ran into an absolutely clear, but year-old PR pointing out that
> > a router in the IPSTEALTH mode will reveal itself when processing
> >
Hello Yar,
On 18:19+0300, Dec 19, 2001, Yar Tikhiy wrote:
> Hi there,
>
> I ran into an absolutely clear, but year-old PR pointing out that
> a router in the IPSTEALTH mode will reveal itself when processing
> IP options: kern/23123.
>
> The fix proposed seems clean and right to me: don't do IP
On Wed, Dec 19, 2001 at 06:19:29PM +0300, Yar Tikhiy wrote:
> Hi there,
>
> I ran into an absolutely clear, but year-old PR pointing out that
> a router in the IPSTEALTH mode will reveal itself when processing
> IP options: kern/23123.
>
> The fix proposed seems clean and right to me: don't do I
On Wed, 19 Dec 2001, Yar Tikhiy wrote:
> Hi there,
>
> I ran into an absolutely clear, but year-old PR pointing out that
> a router in the IPSTEALTH mode will reveal itself when processing
> IP options: kern/23123.
>
> The fix proposed seems clean and right to me: don't do IP options
> at all wh
Hi there,
I ran into an absolutely clear, but year-old PR pointing out that
a router in the IPSTEALTH mode will reveal itself when processing
IP options: kern/23123.
The fix proposed seems clean and right to me: don't do IP options
at all when in the IPSTEALTH mode. Does anyone have objections?
20 matches
Mail list logo
