On Thu 24/10/2002 at 15:29, Robert P. J. Day wrote:
> On 24 Oct 2002, Cedric Blancher wrote:
> > One very packet can have one state, and one.
>
> so every syntactically correct ("well-formed"??) packet is one
> of NEW, ESTABLISHED or RELATED, while all others are just
> INVALID? ok, i can accept that, thanks.

Yes and no, it is a bit more complicated...

INVALID applies to all packets for which ip_conntrack is not able to give a state. As common examples:

. TCP packets that do not comply with RFC 793
. ICMP errors not related to existing flows
. lack of memory or conntrack table full

So, well-formed packets can sometimes fall into INVALID state, but it is safe to DROP them.

-- 
Cédric Blancher <blancher@cartel-securite.fr>
Systems and network security consultant - Cartel Sécurité
Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
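
An added example, not part of the original message: an iptables-restore ruleset that applies the advice above by logging (rate-limited) and dropping INVALID packets before any state-based accept rule is reached. The SSH port, log prefix and rate limit are assumptions chosen for illustration.

```iptables
# Constructed example ruleset; load with: iptables-restore < rules.v4
# Uses the "state" match of the ip_conntrack era; on current kernels the
# equivalent match is "-m conntrack --ctstate <STATE>".
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT

# 1. Packets conntrack could not classify. Log a sample (rate-limited so a
#    flood of malformed packets cannot fill the logs), then drop them all.
#    This must come first so INVALID packets never reach an accept rule.
-A INPUT -m state --state INVALID -m limit --limit 5/minute -j LOG --log-prefix "INVALID drop: "
-A INPUT -m state --state INVALID -j DROP

# 2. Packets belonging to, or related to, flows conntrack already knows.
#    RELATED covers ICMP errors tied to an existing flow; ICMP errors with
#    no matching flow were already dropped as INVALID above.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 3. New connections: only TCP SYN to the permitted service
#    (port 22 is an assumed example service).
-A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT

# Everything else falls through to the INPUT policy (DROP).
COMMIT
```

The packet counters on the INVALID rules (`iptables -L INPUT -v -n`) show how much traffic falls into this state; a sustained rise on otherwise normal traffic is worth checking against memory pressure or a full conntrack table, the third case listed in the message.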