Subject: Re: IPF question
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Emmanuel Dreyfus <Emmanuel.Dreyfus@espci.fr>
List: tech-security
Date: 07/19/2001 11:55:43
On Thu, Jul 19, 2001 at 07:02:46PM +1000, Darren Reed wrote:
> Correct. This is nearly never useful because the "next hop" that is the
> redirected gateway must be on the local LAN.
Yes, but this could be used as a denial of service attack: Ruth can watch Bob's
connection, then Ruth can send Bob an ICMP redirect through the firewall to a
machine on his LAN that does not forward IP packets, and Bob is stuck.
Is that right?
--
Emmanuel Dreyfus Emmanuel.Dreyfus@espci.fr
This signature is provided to you as is, without any guarantee that it
works. By reading it, you accept the material, physical, and moral
damage it may cause.