Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757668AbbGGPYy (ORCPT ); Tue, 7 Jul 2015 11:24:54 -0400 Received: from mail-wi0-f179.google.com ([209.85.212.179]:35130 "EHLO mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756969AbbGGPYs (ORCPT ); Tue, 7 Jul 2015 11:24:48 -0400 MIME-Version: 1.0 In-Reply-To: <559B7943.3070807@ladisch.de> References: <21611.1436179798@turing-police.cc.vt.edu> <559B7943.3070807@ladisch.de> From: Matteo Croce Date: Tue, 7 Jul 2015 17:24:07 +0200 X-Google-Sender-Auth: Fhs3iXdDnJIzkFpxS0pcpP5j9pM Message-ID: Subject: Re: [PATCH v2] add stealth mode To: Clemens Ladisch Cc: Valdis Kletnieks , Nicolas Dichtel , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 992 Lines: 24 2015-07-07 9:01 GMT+02:00 Clemens Ladisch : > Valdis.Kletnieks@vt.edu wrote: >> On Thu, 02 Jul 2015 10:56:01 +0200, Matteo Croce said: >>> Add option to disable any reply not related to a listening socket >> >> 2) You *do* realize that this isn't anywhere near sufficient in order >> to actually make your machine "invisible", right? (Hint: What *other* >> packets can be sent to a machine to provoke a response?) > > Even worse: if you want to pretend that the entire machine is "not there", > you must make the router in front on you reply with an ICMP "destination > unreachable" message. You can't do sometimes, like in DSL lines where the router in front of you is an ISP owned DSLAM -- Matteo Croce OpenWrt Developer -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/