Thanks to Fred van Kempen, Jeffery Hummel, and Irene Shilikhina.
Irene sent me some past posts regarding blocking ICMP redirects, which is what I ended up doing, and all is fine. Search for ICMP redirects. Here are the other posts. One outstanding issue is knowing the ttl of a route entry.
Correspondence between Fred and me.
------------------------------
Rich,
There was a change in one of the patch kits that sort of "added" the
setting of a ttl field to those routing entries. Tom Blinn might
know more about it.
--fred
> -----Original Message-----
> From: Rich Glazier [mailto:RichGlazier_at_netscape.net]
> Sent: Thursday, October 30, 2003 10:55 PM
> To: Fred N. van Kempen
> Subject: RE: what causes modified redirects?
>
>
> Thanks for all the great input Fred. You mentioned the ttl
> on route entries in version 5.1+. That is something I've
> been trying to confirm. Is there a ttl for all routes in the
> routes table, or is it based on the type? I heard that ICMP
> redirect entries "D" stay indefinitely, but that in the next
> patchkit you'll be able to set a timeout value for ICMP
> redirects. Do you know of any way of seeing how long entries
> have been in the route table, and when they expire?
>
> "Fred N. van Kempen" <Fred.van.Kempen_at_microwalt.nl> wrote:
>
> >Rich,
> >
> >> -In Unix, if a packet can't get to an IP via its static or
> >> learned route, will it then always try the default gateway?
> >Yes.
> >
> >> -If the above scenario happened in our network, the default
> >> gateway would send it back telling it where to go. Presumably
> >> back to the dead path. Our default gateway wouldn't be able
> >> to get it there.
> >No, the dflt gw would pass it on as expected *and* send back an
> >'icmp redirect' message to the sender saying "hey, I'll forward
> >this for ya, but from now on, use gateway XXX, cos they know
> >more about it."
> >
> >This is the GDM entry you see.
> >
> >> -Would the above scenario constitute a modified redirect?
> >Yes.
> >
> >> - Is an "M" flag placed there by Unix, or is it sent from a
> >> network device like the original ICMP redirect that adds
> >> the "D" flag?
> >I believe it gets the M flag when either ttl changes (since 5.1 now
> >has ttls on these) or when the gw address changes.
> >
> >> -What can cause a modified redirect? i.e. what network
> >> devices can add the "M" to the route table.
> >Anything that routes, so, routers, gateways and layer3 switches
> >performing smart switching.
> >
> >> mars# netstat -rn | grep -E 'UGHD|default'
> >> default 10.1.101.254 UGS 6 467279 fta0
> >> 10.5.150.24 10.1.101.253 UGHDM 1 36645 fta0
> >> 10.6.50.2 10.1.101.253 UGHDM 0 44 fta0
> >> 10.6.50.6 10.1.101.253 UGHDM 0 525 fta0
> >> 10.8.50.5 10.1.101.253 UGHDM 1 8318 fta0
> >This means, that although you were sending everything to 10.1.101.254,
> >that router reported back that although it can route the requested
> >packets, it suggests that you use 10.1.101.253 for that destination
> >instead, as that is a shorter route.
> >
> >It *can* happen when routers get congested.
> >
> >--fred
> >
>
From Jeff
-----------------------
Do any of the routers between you and the target have a default route that
is equivalent to the new route? If so and the routing table is incomplete,
the intermediate router may have sent the ICMP update to your server.
Jeff
Received on Wed Nov 12 2003 - 21:18:56 NZDT
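
An added example, not part of the original posts: a shell function that reads `netstat -rn` output and lists every route carrying the "D" flag discussed above, noting whether it also carries "M" and whether its gateway differs from the default gateway. The function names and the last two sample rows are constructed for illustration, and the column layout is assumed to match the listing quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list routes installed by ICMP redirects.
# Assumed column layout, as in the listing quoted in the thread:
#   Destination  Gateway  Flags  Refs  Use  Interface

# Read `netstat -rn` output on stdin; print one line per route whose flags
# include D (created by a redirect), noting M (later modified by a redirect)
# and whether its gateway differs from the default gateway.
redirect_routes() {
    awk '
        $1 == "default" { defgw = $2; next }
        NF >= 6 && $3 ~ /^U/ && $3 ~ /D/ {
            n++; dest[n] = $1; gw[n] = $2; flags[n] = $3; use[n] = $5
        }
        END {
            for (i = 1; i <= n; i++) {
                kind = (flags[i] ~ /M/) ? "dynamic+modified" : "dynamic"
                if (defgw == "")          via = "no-default-route"
                else if (gw[i] == defgw)  via = "gateway-is-default"
                else                      via = "gateway-differs-from-default"
                printf "%s via %s flags=%s use=%s %s %s\n",
                    dest[i], gw[i], flags[i], use[i], kind, via
            }
        }'
}

# Sample input: the first five rows are the listing from the thread; the last
# two rows (127.0.0.1 and 10.9.9.9) are constructed to exercise other cases.
sample_table() {
    cat <<'EOF'
default       10.1.101.254  UGS    6  467279  fta0
10.5.150.24   10.1.101.253  UGHDM  1  36645   fta0
10.6.50.2     10.1.101.253  UGHDM  0  44      fta0
10.6.50.6     10.1.101.253  UGHDM  0  525     fta0
10.8.50.5     10.1.101.253  UGHDM  1  8318    fta0
127.0.0.1     127.0.0.1     UH     3  1200    lo0
10.9.9.9      10.1.101.254  UGHD   0  12      fta0
EOF
}

sample_table | redirect_routes
```

On a live host the same function takes `netstat -rn | redirect_routes`; an empty result after redirects have been blocked and the old entries removed shows that no redirect-installed routes remain.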