|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Darren Reed (darrenr
reed.wattle.id.au)Date: Thu Jul 19 2001 - 05:21:11 CDT
In some email I received from Emmanuel Dreyfus, sie wrote:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> On Thu, Jul 19, 2001 at 07:02:46PM +1000, Darren Reed wrote:
> > Correct. This is nearly never useful because the "next hop" that is the
> > redirected gateway must be on the local LAN.
>
> Yes, but this could be used as a denial of service attack: Ruth can watch Bob's
> connexion, then Ruth can send Bob an ICMP redirect through the firewall to a
> machine on his LAN that does not forward IP packets, and Bob is stuck.
>
> Is that right?
Yup.
Ruth can also send Bob a TCP RST and cause the connection to shut down, too.
Plus any other number of things.
So what's your point ?
Darren
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]