[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ICMP Unreachable messages.



I know this has probably come up many times before.

How much can one depend on the reliability of unreachable network messages.

Some issues.

1) lost packets (bad guy in the middle, router misconfiguration, inappropriate 
adminstration)

2) modified packets (bad guy in middle)

3) injected packets (bad guy anywhere)

4) excessive packets (overload situation, bad guy anywhere)


Since we already have a stipulation that ICMP MTU size exceeded packets need
to be forwarded for MTU discovery to work, I believe a precedent is already in
place that mandates that important ICMP messages should be forwarded ruling
out (1).

Questions arising...

Can such information be authenticated in a reasonable manner?

Can such information be anycast to other networks rather than being sent to
individual hosts?  If so, should it?

Peter

--
Peter R. Tattam                            peter@trumpet.com
Managing Director,    Trumpet Software International Pty Ltd
Hobart, Australia,  Ph. +61-3-6245-0220,  Fax +61-3-62450210