>> It seems that most (all?) existing packet filtering implementations
>> simply drop packets when they should not be passed. Wouldn't it be
>> better to send an ICMP Destination Unreachable type 9 "Communication
>> with destination network administratively prohibited" (this message is
>> defined by RFC 1122)?
If you haven't already, you should check out Jeff Mogul's screend code
(it's available via anonymous ftp from gatekeeper.dec.com). It also
comes with Ultrix 4.2 (and above). So, if you have an Ultrix machine
nearby, man screend will be helpful.
It logs the packet header when packets are rejected. Also, there are
switches you can give it to log packet headers on accepted connections
as well, but that could get voluminous as it would log every packet
header it saw during the life of the connection.
The daemon (screend) compiles easily enough, but you need to make some
minor kernel mods to whatever OS you are running (if not Ultrix) for
things to work. It's all documented in the screend.tar.Z file on
Tim Guarnieri timg @
Adobe Systems Incorporated, Mountain View, CA adobe!timg
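Added example, not part of the thread and not screend's code: what a filter would do with a rejected datagram if it followed both suggestions above, i.e. log the packet header the way screend does, and answer with an ICMP Destination Unreachable, code 9 ("communication with destination network administratively prohibited") instead of silently dropping. The log line format, the helper names, the filter's own address (192.168.1.1) and the sample telnet SYN are all assumptions constructed for this example. It also applies the RFC 1122 section 3.2.2 rules the original poster's proposal would have to respect: no ICMP error in reply to another ICMP error, to a non-initial fragment, or to a multicast, broadcast or unspecified address.

```python
"""Reject-with-ICMP instead of drop: log the offending header, then build the
ICMP type 3 / code 9 reply.  Example code, not screend's; see lead-in."""
import ipaddress
import struct

ICMP_DEST_UNREACH = 3
ICMP_ADMIN_PROHIB_NET = 9          # RFC 1122: net administratively prohibited
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # never answer an ICMP error with another one


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd tail zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ipv4_header(src: str, dst: str, proto: int, total_len: int,
                 ttl: int = 64, ident: int = 0, flags_frag: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag, ttl,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header; for TCP/UDP also pull the two port fields."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 datagram")
    hdr = {"ihl": ihl, "proto": proto, "total_len": total_len,
           "frag_offset": flags_frag & 0x1FFF,
           "src": str(ipaddress.IPv4Address(src)),
           "dst": str(ipaddress.IPv4Address(dst)),
           "sport": None, "dport": None}
    if proto in (6, 17) and len(pkt) >= ihl + 4:      # TCP or UDP: ports follow the header
        hdr["sport"], hdr["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return hdr


def log_rejected(pkt: bytes) -> str:
    """One log line per rejected packet (format is this example's, not screend's)."""
    h = parse_ipv4(pkt)
    ports = "" if h["sport"] is None else " sport %d dport %d" % (h["sport"], h["dport"])
    return "REJECT %s -> %s proto %d%s" % (h["src"], h["dst"], h["proto"], ports)


def should_send_icmp_error(pkt: bytes) -> bool:
    """RFC 1122 3.2.2: no ICMP error for ICMP errors, non-initial fragments,
    or non-unicast source/destination addresses (avoids error storms)."""
    h = parse_ipv4(pkt)
    if h["frag_offset"] != 0:
        return False
    src, dst = ipaddress.IPv4Address(h["src"]), ipaddress.IPv4Address(h["dst"])
    if (src.is_multicast or src.is_unspecified or dst.is_multicast
            or dst == ipaddress.IPv4Address("255.255.255.255")):
        return False
    if h["proto"] == 1 and len(pkt) > h["ihl"] and pkt[h["ihl"]] in ICMP_ERROR_TYPES:
        return False
    return True


def build_admin_prohibited(rejected: bytes, filter_addr: str) -> bytes:
    """Full IPv4+ICMP datagram: type 3, code 9, quoting the offending IP
    header plus the first 8 bytes of its payload, as RFC 792 requires."""
    h = parse_ipv4(rejected)
    quoted = rejected[:h["ihl"] + 8]
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, ICMP_ADMIN_PROHIB_NET, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    return _ipv4_header(filter_addr, h["src"], 1, 20 + len(icmp)) + icmp


# Constructed sample: a telnet SYN from 10.0.0.5:1025 to 192.168.1.10:23 the filter rejects.
REJECTED_PKT = (_ipv4_header("10.0.0.5", "192.168.1.10", 6, 40, ident=0x1234, flags_frag=0x4000)
                + struct.pack("!HHIIBBHHH", 1025, 23, 1000, 0, 5 << 4, 0x02, 8192, 0, 0))
FILTER_ADDR = "192.168.1.1"   # assumed address of the filtering host

if __name__ == "__main__":
    print(log_rejected(REJECTED_PKT))
    if should_send_icmp_error(REJECTED_PKT):
        print(build_admin_prohibited(REJECTED_PKT, FILTER_ADDR).hex())
```

The guard in should_send_icmp_error is the part a practitioner would not want to skip: a filter that answers every rejected packet with an ICMP error, including rejected ICMP errors and broadcast traffic, can be turned into a packet amplifier, which is one reason real filters so often choose the silent drop the original poster complains about.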