Subject: Re: IPF question
To: Darren Reed <>
From: Emmanuel Dreyfus <>
List: tech-security
Date: 07/19/2001 11:55:43

On Thu, Jul 19, 2001 at 07:02:46PM +1000, Darren Reed wrote:
> Correct.  This is nearly never useful because the "next hop" that is the
> redirected gateway must be on the local LAN.

Yes, but this could be used as a denial of service attack: Ruth can watch Bob's
connection, then Ruth can send Bob an ICMP redirect through the firewall to a
machine on his LAN that does not forward IP packets, and Bob is stuck.

Is that right?

Emmanuel Dreyfus                   
This signature is provided to you as is, without any warranty of
operation. By reading it, you accept the material,
physical, and moral damages it may cause.