At 12:12 19/03/2001 -0500, Garrett Wollman wrote:
><<On Sat, 17 Mar 2001 22:03:53 +0100, Harald Alvestrand
><[EMAIL PROTECTED]> said:
>
> > That's my reason to use the TTL decrement; if someone shows me a device
> > where a packet comes in on one interface with a certain TTL, and it comes
> > out on another interface with a lower TTL but no other significant changes,
> > I call it a router.
>
>Except that I can now show you a ``stealth router'' -- a device which
>acts in all respects like a router, except that it does not decrement
>the TTL field or generate ICMP Time Exceeded messages. (Typically
>this is done to interpose a packet-filtering router without making it
>visible to remote attackers.)
then I don't call it a router, but a filtering bridge....I know I'm
simple-minded :-)
(it would be interesting to hang 2 of these between 2 ethernets,
misconfigure them to think that the external gateway is on the other net,
and see how many packets they can forward per second....department of
perverse joys :-)
--
Harald Tveit Alvestrand, [EMAIL PROTECTED]
+47 41 44 29 94
Personal email: [EMAIL PROTECTED]