[Gllug] Opinions on Smoothwall and other firewalls
tet at accucard.com
tet at accucard.com
Thu Oct 11 17:09:04 UTC 2001
>Out of curiousity, would you mind explaining the reasons why not
>decrementing the TTL is a Bad Thing, because I just don't see it?
>What am I missing?[1] Surely, no-one in their right mind would be using
>a totally invisible firewall for anything but being a firewall?
Consider a network with two (or more) transparent proxies or firewalls.
Then consider when one of them has a flawed routing table, such that it
routes traffic back to one of the other transparent devices rather than
on to its correct destination. Because none of the devices in the routing
loop are decrementing TTL, the packet lives forever. It doesn't take too
long before your network is unable to cope with the volume of immortal
packets bouncing backwards and forwards.
No, this isn't purely theoretical. I've seen it happen in real life
(although fortunately not on a network for which I was responsible).
Tet
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list