[nsp] Filter based forwarding
Gert Doering
gert at greenie.muc.de
Thu Nov 6 03:28:02 EST 2003
Hi,
On Thu, Nov 06, 2003 at 08:28:29AM +0800, micky wrote:
> I just don't know how to tell nachi-worm and normal icmp
> How do I differentiate difference between them ?
Nachi packets have the Evil Bit set - see RFC 3514.
gert
PS: read the RFC, it's worth it. But of course it's an April's Fool's
joke. There is nothing special about Nachi ICMPs, except that they are
always 92 byte in size - and it's perfectly legal for an ICMP ping to be
92 byte in size, which makes it very hard to do Nachi filtering without
hurting legitimate use.
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list