Subject: Re: IPF question
To: Emmanuel Dreyfus <Emmanuel.Dreyfus@espci.fr>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-security
Date: 07/19/2001 20:21:11
In some email I received from Emmanuel Dreyfus, sie wrote:
> On Thu, Jul 19, 2001 at 07:02:46PM +1000, Darren Reed wrote:
> > Correct.  This is nearly never useful because the "next hop" that is the
> > redirected gateway must be on the local LAN.
> 
> Yes, but this could be used as a denial of service attack: Ruth can watch Bob's
> connexion, then Ruth can send Bob an ICMP redirect through the firewall to a
> machine on his LAN that does not forward IP packets, and Bob is stuck.
> 
> Is that right?

Yup.

Ruth can also send Bob a TCP RST and cause the connection to shut down, too.
Plus any other number of things.

So what's your point ?

Darren
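The exchange above describes the one case where an ICMP redirect that crosses a firewall matters: it comes from outside the LAN but names a next hop that is on the LAN, so the victim host will honour it and lose its route. The following is an added example (not code from this thread, from Emmanuel, from Darren, or from IPF itself) showing how a firewall-side classifier would parse IPv4 ICMP Redirect (type 5) messages and separate that case from harmless ones. The local prefix 192.0.2.0/24, the interface names "external"/"internal", and every packet in SAMPLES are constructed here for the demonstration.

```python
"""
Classify IPv4 ICMP Redirect (type 5) messages as a firewall would see them.

Added example for the tech-security thread; not IPF code.  Assumptions:
the protected LAN is 192.0.2.0/24 and the packets in SAMPLES are built by
hand below (constructed test data, not captures).
"""
import ipaddress
import struct

LOCAL_LAN = ipaddress.ip_network("192.0.2.0/24")   # assumed LAN behind the firewall
ICMP_PROTO = 1
ICMP_REDIRECT = 5


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid complete message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_redirect(src: str, dst: str, gateway: str, code: int = 1) -> bytes:
    """Construct an IPv4 packet carrying an ICMP Redirect (constructed test input).
    The trailing 28 bytes stand in for the copied header of the datagram being redirected."""
    body = struct.pack("!BBH4s", ICMP_REDIRECT, code, 0,
                       ipaddress.ip_address(gateway).packed) + bytes(28)
    icmp = body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                         ICMP_PROTO, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return ip_hdr + icmp


def parse_redirect(pkt: bytes):
    """Return (src, dst, gateway) for a well-formed IPv4 ICMP Redirect, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != ICMP_PROTO or len(pkt) < ihl + 8:
        return None
    icmp = pkt[ihl:]
    if icmp[0] != ICMP_REDIRECT or icmp_checksum(icmp) != 0:
        return None
    return (ipaddress.ip_address(pkt[12:16]),
            ipaddress.ip_address(pkt[16:20]),
            ipaddress.ip_address(icmp[4:8]))          # redirect "gateway address" field


def classify(pkt: bytes, ingress: str) -> str:
    """Label a packet seen on the firewall; `ingress` is "external" or "internal"."""
    parsed = parse_redirect(pkt)
    if parsed is None:
        return "not-redirect"
    src, dst, gateway = parsed
    if dst not in LOCAL_LAN:
        return "redirect-not-for-lan"
    if gateway not in LOCAL_LAN:
        # A host only installs a redirect whose next hop is on its own LAN,
        # so the target would ignore this one regardless of who sent it.
        return "redirect-unusable"
    if ingress == "external":
        # The case from the thread: arrives from outside yet names a local next hop.
        # Genuine redirects only come from a directly attached router, so drop and log.
        return "spoofed-redirect-from-outside"
    if src not in LOCAL_LAN:
        return "redirect-inconsistent-source"
    return "redirect-plausible"


# Constructed samples: (ingress interface, packet)
SAMPLES = [
    ("external", build_redirect("203.0.113.7", "192.0.2.10", "192.0.2.50")),
    ("internal", build_redirect("192.0.2.1", "192.0.2.10", "192.0.2.2")),
    ("external", build_redirect("203.0.113.7", "192.0.2.10", "198.51.100.9")),
]


def audit(samples):
    """Classify every (ingress, packet) pair and return the list of labels."""
    return [classify(pkt, ingress) for ingress, pkt in samples]


if __name__ == "__main__":
    for (ingress, pkt), label in zip(SAMPLES, audit(SAMPLES)):
        src, dst, gw = parse_redirect(pkt)
        print(f"{ingress:8} {src} -> {dst} via {gw}: {label}")
```

The check that matters is the ingress interface, not the source address: a redirect's IP source is trivially chosen by whoever sends it, but a packet arriving on the outside interface with a next hop inside the LAN cannot be a legitimate redirect, because the only router entitled to redirect a host is one on that host's own segment. Blocking inbound ICMP type 5 at the firewall removes this particular trick; it does nothing about the TCP RST case Darren mentions, which needs a separate, connection-aware filter.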