At 12:12 19/03/2001 -0500, Garrett Wollman wrote:
<<On Sat, 17 Mar 2001 22:03:53 +0100, Harald Alvestrand
<Harald(_at_)Alvestrand(_dot_)no> said:
> That's my reason to use the TTL decrement; if someone shows me a device
> where a packet comes in on one interface with a certain TTL, and it comes
> out on another interface with a lower TTL but no other significant changes,
> I call it a router.
Except that I can now show you a ``stealth router'' -- a device which
acts in all respects like a router, except that it does not decrement
the TTL field or generate ICMP Time Exceeded messages. (Typically
this is done to interpose a packet-filtering router without making it
visible to remote attackers.)
then I don't call it a router, but a filtering bridge....I know I'm
simple-minded :-)
(it would be interesting to hang 2 of these between 2 ethernets,
misconfigure them to think that the external gateway is on the other net,
and see how many packets they can forward per second....department of
perverse joys :-)
--
Harald Tveit Alvestrand, alvestrand(_at_)cisco(_dot_)com
+47 41 44 29 94
Personal email: Harald(_at_)Alvestrand(_dot_)no
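The TTL-decrement test argued over above, written out as a check a network operator can run against packet pairs captured on the two sides of a middlebox (added illustration, not code from the thread or either author). It assumes minimal 20-byte IPv4 headers; the one wrinkle the prose leaves implicit is that a real router also recomputes the header checksum, so "no other significant changes" has to exclude that field, and a box that changes the TTL without fixing the checksum is flagged separately.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header, checksum field taken as zero."""
    h = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(h) // 2), h))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Constructed sample: minimal 20-byte header (IHL=5), protocol 17, valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def forward_as_router(pkt: bytes) -> bytes:
    """What a conventional router emits: TTL minus one and the header checksum fixed up."""
    hdr = bytearray(pkt[:20])
    hdr[8] -= 1
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[20:]

def _without_ttl_and_checksum(hdr: bytes) -> bytes:
    return hdr[:8] + hdr[9:10] + hdr[12:20]

def classify_hop(ingress: bytes, egress) -> str:
    """Harald's test applied to one packet seen entering and (possibly) leaving a device."""
    if egress is None:
        return "filtered"       # dropped: a filter, whatever else the box is
    if (_without_ttl_and_checksum(ingress) != _without_ttl_and_checksum(egress)
            or ingress[20:] != egress[20:]):
        return "rewritten"      # addresses or payload changed: NAT, proxy, ...
    egress_sum = struct.unpack("!H", egress[10:12])[0]
    if egress[8] == ingress[8] - 1 and egress_sum == ipv4_checksum(egress[:20]):
        return "router"         # TTL decremented and checksum recomputed: a visible hop
    if egress[8] == ingress[8] and egress[10:12] == ingress[10:12]:
        return "stealth"        # forwarded byte-for-byte: bridge or "stealth router"
    return "inconsistent"       # e.g. TTL changed but checksum left stale

# Constructed traffic using RFC 5737 documentation addresses.
SAMPLE = build_ipv4("192.0.2.10", "198.51.100.7", 64, b"probe")
NATTED = build_ipv4("203.0.113.1", "198.51.100.7", 63, b"probe")
STALE = SAMPLE[:8] + bytes([SAMPLE[8] - 1]) + SAMPLE[9:]   # TTL-1, checksum untouched

def demo() -> dict:
    return {"router": classify_hop(SAMPLE, forward_as_router(SAMPLE)),
            "stealth": classify_hop(SAMPLE, SAMPLE), "filtered": classify_hop(SAMPLE, None),
            "rewritten": classify_hop(SAMPLE, NATTED), "stale": classify_hop(SAMPLE, STALE)}
```

`demo()` returns one verdict per constructed case; the "stealth" verdict is exactly the device Garrett describes, and "filtered" is what it looks like from outside when the filter drops the packet.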