On Mon, 2005-04-11 at 22:32, Grant Taylor wrote:

> One reason that some institutions decide to DROP versus REJECT is so that someone cannot spoof their source IP while performing some sort of attack

I don't think I quite follow what you are saying. I'm not sure how using drop or reject would have any effect on someone's ability to use your address space as the source IP in a spoofed packet.

> the institution's system expecting the REJECT to go to the spoofed source IP thus becoming part of what I think is considered a reflected attack.

If I follow what you are saying here, the concern is the returning ICMP host unreachables may be used as part of a DoS. Is this correct?

If so, the concern is pretty minimal. Packet size is small, only 56 bytes in size, so bandwidth utilization is small. Unsolicited ICMP errors are going to be quickly discarded by the receiving system, so it's not going to cause much of a CPU hit on the target. Unfortunately there are far too many other ways of performing a DoS that would be much more effective and efficient.

> These issues and many more like them are some of the things that I would like to spend some more time reading about and gaining a better understanding

Ya, geek stuff is cool. :D

Chris
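To make the 56-byte figure and the "reflected" path concrete, here is an added model (not part of the thread) of what a REJECT target answers when it is hit by a packet whose source address was forged: it builds the ICMP host-unreachable as RFC 792 specifies (IP header + 8 bytes of the offending datagram quoted) and shows that the error is addressed to the spoofed source, i.e. the victim. Addresses are constructed from the RFC 5737 documentation ranges; TCP checksums are left zero since only sizes and addresses matter here.

```python
import struct
from ipaddress import IPv4Address

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, no options, header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def spoofed_tcp_syn(forged_src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed 40-byte SYN (20 IP + 20 TCP, no options) whose source address is
    forged as the victim's. TCP checksum is left zero; only sizes/addresses matter."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ipv4_header(forged_src, dst, 6, len(tcp)) + tcp

def reject_icmp_host_unreachable(offending: bytes, rejecting_host: str) -> bytes:
    """The ICMP type 3 / code 1 (host unreachable) error a REJECT target sends back.
    Per RFC 792 it quotes the offending IP header plus 8 bytes, and it is addressed
    to the offending packet's *source* field, i.e. to whoever was spoofed. (Some
    stacks quote more of the original datagram, which only makes it a bit larger.)"""
    spoofed_src = str(IPv4Address(offending[12:16]))
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + offending[:28]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(rejecting_host, spoofed_src, 1, len(icmp)) + icmp

def reflection_ratio(trigger: bytes, reply: bytes) -> float:
    """Bytes reflected toward the spoofed address per byte the attacker had to send."""
    return len(reply) / len(trigger)

if __name__ == "__main__":
    # Constructed addresses from the RFC 5737 documentation ranges.
    victim, institution = "198.51.100.7", "203.0.113.10"
    syn = spoofed_tcp_syn(victim, institution, 40000, 22)
    err = reject_icmp_host_unreachable(syn, institution)
    # 56 bytes to the victim; 1.40x a bare 40-byte SYN, and below 1x once the SYN
    # carries the ~20 bytes of options real stacks add. No meaningful amplification.
    print(f"{len(err)} bytes sent to {IPv4Address(err[16:20])}, "
          f"ratio {reflection_ratio(syn, err):.2f}")
```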