[nsp] Filter based forwarding
micky
micky at apol.com.tw
Thu Nov 6 03:32:30 EST 2003
Hi
Yes, I have tried and found tracert tool under windows using 92 bytes in
size
Micky
----- Original Message -----
From: "Gert Doering" <gert at greenie.muc.de>
To: "micky" <micky at apol.com.tw>
Cc: "Ken Hays" <hays at acns.fsu.edu>; "james" <hackerwacker at cybermesa.com>;
<cisco-nsp at puck.nether.net>; "Blaz Zupan" <blaz at inlimbo.org>
Sent: Thursday, November 06, 2003 4:28 PM
Subject: Re: [nsp] Filter based forwarding
> Hi,
>
> On Thu, Nov 06, 2003 at 08:28:29AM +0800, micky wrote:
> > I just don't know how to tell nachi-worm and normal icmp
> > How do I differentiate difference between them ?
>
> Nachi packets have the Evil Bit set - see RFC 3514.
>
> gert
>
> PS: read the RFC, it's worth it. But of course it's an April's Fool's
> joke. There is nothing special about Nachi ICMPs, except that they are
> always 92 byte in size - and it's perfectly legal for an ICMP ping to be
> 92 byte in size, which makes it very hard to do Nachi filtering without
> hurting legitimate use.
> --
> USENET is *not* the non-clickable part of WWW!
>
//www.muc.de/~gert/
> Gert Doering - Munich, Germany
gert at greenie.muc.de
> fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
>
More information about the cisco-nsp
mailing list