[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Dropping stealthing from opsec; Anyone for a little I>R<TF work ?
George Jones writes:
> Sorry....I guess I should have been more clear...the goal IS to
> make the core invisible beyond the edge.
I'm not sure I understand the point of this[1], but please do consider
the effect of such a plan on path MTU discovery. The ICMP messages
from within the core do need to make it out to the sender in _some_
form.
[1] It's not just to hide the IP addresses, is it? That'd just be
security-by-obscurity. I don't think that treating IP addresses
as secrets is a viable plan.
--
James Carlson, IP Systems Group <james.d.carlson@sun.com>
Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677