[c-nsp] Help settling an argument :-)
Mikael Abrahamsson
swmike at swm.pp.se
Thu Sep 8 07:05:33 EDT 2005
On Wed, 7 Sep 2005, Jeff Kell wrote:
> The Novell box must be doing routing or IP forwarding, no? I don't want
> them routing [for obvious purposes]. He says he isn't. I say he is.
> There you go.
If the spoofed addresses you see are all on the Novell box, then he is not
routing, he is simply sourcing the packets he's sending out with an IP
that he has on an interface that is not facing you.

There seems to be OS-dependent behaviour regarding this.
In the following setup:
A
|
B
|
C
If you ping the BC subnet interface of B from A, what address should B use
to source the ICMP response? This is OS-dependent; some OSes will source
with B's BC interface IP, some will do it with B's AB interface IP
address.
This also applies to ICMP unreachable or TTL expired messages. If the IP
packet coming in on an interface triggers an expired message, should the
router use its address on that interface (where the packet came in), or
use the IP of the source interface to where the route points to the
destination of the expired message?
--
Mikael Abrahamsson email: swmike at swm.pp.se
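
The test described in the reply above, as an added example that is not part of the original message: given the source IPs seen in frames from the suspect box's MAC on your segment, separate addresses the box itself owns on another interface from addresses it owns nowhere, since only the latter indicate forwarding. The MACs, the documentation-range addresses and the function names are constructed for illustration, and the list of the box's own addresses is assumed to come from its administrator.

```python
import ipaddress

def classify_sources(segment, host_mac, host_addrs, frames):
    """Group source IPs seen from host_mac on `segment` by what they imply."""
    net = ipaddress.ip_network(segment)
    own = {ipaddress.ip_address(a) for a in host_addrs}
    groups = {"on_link": set(), "own_other_interface": set(), "foreign": set()}
    for mac, src in frames:
        if mac.lower() != host_mac.lower():
            continue                      # frame came from some other station
        ip = ipaddress.ip_address(src)
        if ip in net:
            groups["on_link"].add(src)    # expected: address on the facing subnet
        elif ip in own:
            groups["own_other_interface"].add(src)  # B's address on the BC side
        else:
            groups["foreign"].add(src)    # someone else's packet relayed by B
    return groups

def verdict(groups):
    """'forwarding' only if the box emitted a source address it does not own."""
    if groups["foreign"]:
        return "forwarding"
    if groups["own_other_interface"]:
        return "own-address sourcing"
    return "normal"

# Constructed sample: A sits on 192.0.2.0/24 (the AB subnet); B also has
# 198.51.100.1 on the BC subnet, which does not face A.
SEGMENT = "192.0.2.0/24"
B_MAC = "00:00:5e:00:53:02"
B_ADDRS = ["192.0.2.2", "198.51.100.1"]
FRAMES_SOURCING = [
    (B_MAC, "192.0.2.2"),
    (B_MAC, "198.51.100.1"),              # reply sourced from B's far interface
    ("00:00:5e:00:53:0a", "192.0.2.10"),  # unrelated host, ignored
]
# Same capture plus one packet whose source is a host behind B.
FRAMES_FORWARDING = FRAMES_SOURCING + [(B_MAC, "198.51.100.77")]

if __name__ == "__main__":
    for name, frames in (("sourcing", FRAMES_SOURCING),
                         ("forwarding", FRAMES_FORWARDING)):
        g = classify_sources(SEGMENT, B_MAC, B_ADDRS, frames)
        print(name, verdict(g), {k: sorted(v) for k, v in g.items()})
```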