[Gllug] Opinions on Smoothwall and other firewalls

tet at accucard.com tet at accucard.com
Thu Oct 11 17:09:04 UTC 2001


>Out of curiosity, would you mind explaining the reasons why not
>decrementing the TTL is a Bad Thing, because I just don't see it?
>What am I missing?[1] Surely, no-one in their right mind would be using
>a totally invisible firewall for anything but being a firewall?

Consider a network with two (or more) transparent proxies or firewalls.
Then consider when one of them has a flawed routing table, such that it
routes traffic back to one of the other transparent devices rather than
on to its correct destination. Because none of the devices in the routing
loop are decrementing TTL, the packet lives forever. It doesn't take too
long before your network is unable to cope with the volume of immortal
packets bouncing backwards and forwards.

No, this isn't purely theoretical. I've seen it happen in real life
(although fortunately not on a network for which I was responsible).

Tet
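An added example, not from the post or from the Gllug list, that simulates the loop Tet describes in Python. The two-firewall topology, the initial TTL of 64 and the step cap are constructed assumptions; it shows a hop-counting device killing the packet after TTL hops, and the in-flight count growing without bound when nothing decrements.

```python
from dataclasses import dataclass

MAX_STEPS = 10_000  # stand-in for "forever"; a real loop never stops on its own


@dataclass
class Packet:
    dst: str
    ttl: int = 64  # assumed initial TTL, as many host stacks use


# Constructed topology. fw1's table is flawed: traffic for "server" is sent
# back to fw2 instead of onward, and fw2 sends it to fw1 again.
BROKEN_ROUTES = {"fw1": {"server": "fw2"}, "fw2": {"server": "fw1"}}
GOOD_ROUTES = {"fw1": {"server": "server"}, "fw2": {"server": "fw1"}}


def forward(pkt, routes, first_hop="fw2", decrement_ttl=True, max_steps=MAX_STEPS):
    """Walk one packet through the devices, one hop per step.

    Returns (outcome, hops): 'delivered', 'ttl_expired' (a hop-counting
    device dropped it) or 'looping' (still bouncing when the step cap is
    hit, i.e. the immortal packet of the post).
    """
    hop = first_hop
    for hops in range(1, max_steps + 1):
        if hop == pkt.dst:
            return "delivered", hops
        if decrement_ttl:
            pkt.ttl -= 1
            if pkt.ttl <= 0:
                # a real router discards it here and sends ICMP Time Exceeded
                return "ttl_expired", hops
        hop = routes[hop][pkt.dst]
    return "looping", max_steps


def packets_in_flight(ticks, new_per_tick, decrement_ttl, ttl=64):
    """Inject new_per_tick packets into the broken loop every tick and count
    how many are still circulating after `ticks` ticks (one hop per tick).

    With decrementing devices the count levels off at (ttl - 1) * new_per_tick;
    without, it grows by new_per_tick every tick until the links saturate."""
    live = []  # remaining TTL of each packet still in the loop
    for _ in range(ticks):
        live.extend([ttl] * new_per_tick)
        if decrement_ttl:
            live = [t - 1 for t in live if t - 1 > 0]
    return len(live)
```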
