On 2005-01-19 Phil Dyer wrote:
> Ansgar -59cobalt- Wiechers said:
>>> Also applies to more than icmp. Wrong interface? -- drop.
>>
>> REJECT, not DROP.
>
> If I get a packet from the 'net that tries to tell me it's coming from
> an ip that is connected to me via a different interface than where it
> came in on[1], then I'm assuming spoofing and dropping it on the
> floor. I'm not going to REJECT and send an icmp port unreachable back.

You're right. Spoofed traffic may be dropped all the way, but with
broadcasts I would prefer to reject the packets.

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

