RE: icmp-host-unreachable as opposed to destination-unreachable

Derick Anderson said:
>
>
> bclark said:

>> Hi all
>>
>> Would anyone be kind enough to explain why a person would reject a
>> connection to port 113 with icmp-host-unreachable as opposed
>> to destination-unreachable.
>> I probably don't understand the difference.
>> Just something I was wondering.
>>
>> Kind Regards
>> Brent Clark
>>
>
> From what I can tell, icmp-host-unreachable is a code (1) for the
> destination-unreachable ICMP type (3). See
> http://www.spirit.com/Resources/icmp.html for a little more information,
> and Google RFC 792 for a lot more information.
>
> Basically though, "host-unreachable" is more specific than
> "destination-unreachable". I would think that code 3 would be more
> appropriate ("port unreachable") to this specific rule but then I don't
> bother with ident (port 113) rules. There's more information on that on
> this page: http://grc.com/port_113.htm.

Actually one should respond with a tcp reset to tcp/113. All icmp
*-unreachable replies can (and do) give differing results on different
sending tcp stacks.

HTH,
M4
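
The three reject styles discussed in this thread, shown at the packet level as an added example that is not part of any poster's message: it builds constructed replies to a SYN for port 113 and classifies each as ICMP type 3 code 1, ICMP type 3 code 3, or a TCP reset. The addresses (192.0.2.x), the source port and all function names are assumptions made for illustration; checksums are left at zero, so the packets are for parsing only.

```python
import struct

# ICMP type 3 (destination unreachable) codes 0-3, per RFC 792
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable"}

def ipv4(proto, payload, src="192.0.2.10", dst="192.0.2.20"):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0) + addr(src) + addr(dst) + payload

def tcp(sport, dport, flags):
    """Build a minimal 20-byte TCP header; flags: SYN=0x02, RST=0x04, ACK=0x10."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)

def classify(packet):
    """Describe how a reply packet rejects a connection attempt."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == 6:  # TCP: a reset comes from the port that was probed
        sport, flags = struct.unpack("!H", body[:2])[0], body[13]
        return f"tcp-reset from port {sport}" if flags & 0x04 else "tcp other"
    if proto == 1 and body[0] == 3:  # ICMP destination unreachable
        name = UNREACH_CODES.get(body[1], f"code {body[1]}")
        # After the 8-byte ICMP header comes the original IP header plus the
        # first 8 bytes of the original datagram, which hold the TCP ports.
        orig = body[8:]
        oihl = (orig[0] & 0x0F) * 4
        dport = struct.unpack("!H", orig[oihl + 2:oihl + 4])[0]
        return f"icmp type 3 code {body[1]} ({name}) for port {dport}"
    return "other"

# Constructed sample: client 192.0.2.10 sends a SYN to 192.0.2.20 port 113.
SYN = ipv4(6, tcp(40000, 113, 0x02))

def icmp_unreach(code):
    """ICMP type 3 reply quoting the SYN's IP header + first 8 payload bytes."""
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + SYN[:28]
    return ipv4(1, icmp, src="192.0.2.20", dst="192.0.2.10")

RST = ipv4(6, tcp(113, 40000, 0x14), src="192.0.2.20", dst="192.0.2.10")

if __name__ == "__main__":
    for pkt in (icmp_unreach(1), icmp_unreach(3), RST):
        print(classify(pkt))
```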
