tech-net: Re: icmp redirects

Subject: Re: icmp redirects
To: None <tech-net@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-net
Date: 04/17/2000 15:05:02

atatat@atatdot.net (Andrew Brown) writes:
> 206.22.3.10        198.67.1.3         UGHD        0    46447      -  ne0
...
> but why?  dynamic routes like that seem like the kind of thing that
> should time out, simply because they're called "dynamic routes".

In the router that I hacked code on, I came to the same conclusion.  I
ended up inserting ICMP-redirects into the routing table a 600 second
(10 minute) TTL.  That at least caused them to eventually age out.

(My feeling was that routers especially should never honor ICMP
redirects -- ever.  Even hosts shouldn't honor them since there so
little validity checking that one can't really tell if an
ICMP-redirect is spoofed or not.  Unfortunately some vocal customers
really liked to set up their routers as dumb hosts -- so this
embarrassing misfeature stayed.)

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet  http://www.wsrcc.com/wolfgang/gps/dgps-ip.html