Subject: port-unreachable and system reboot
To: None <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 05/26/2001 16:14:44

  When I reboot a system for some reason, I'd rather that anyone trying
to access it just keep trying. Unfortunately, there is a window between
ifconfig up, and starting the appropriate daemons when the system 
will return an ICMP port unreachable.

  I wonder if anyone has given any thought that perhaps one should not
send this ICMP at all until a sysctl has been set? (Which would be done
once all daemons are started)

  Aside from helping during bootup, this might also be useful to permit
a system to be somewhat more stealthy.
  Thoughts?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
