SUMMARY: what causes modified redirects?
From: Rich Glazier (RichGlazier_at_netscape.net)
Date: Wed, 12 Nov 2003 16:11:49 -0500
To: email@example.com
Thanks to Fred van Kempen, Jeffery Hummel, and Irene Shilikhina.
Irene sent me some past posts regarding blocking ICMP redirects, which is what I ended up doing, and all is fine. Search for ICMP redirects. Here are the other posts. One outstanding issue is knowing the ttl of a route entry.
Correspondence between Fred and me.
There was a change in one of the patch kits that sort of "added" the
setting of a ttl field to those routing entries. Tom Blinn might
know more about it.
> -----Original Message-----
> From: Rich Glazier [mailto:RichGlazier@netscape.net]
> Sent: Thursday, October 30, 2003 10:55 PM
> To: Fred N. van Kempen
> Subject: RE: what causes modified redirects?
> Thanks for all the great input Fred. You mentioned the ttl
> on route entries in version 5.1+. That is something I've
> been trying to confirm. Is there a ttl for all routes in the
> routes table, or is it based on the type? I heard that ICMP
> redirect entries "D" stay indefinitely, but that in the next
> patchkit you'll be able to set a timeout value for ICMP
> redirects. Do you know of any way of seeing how long entries
> have been in the route table, and when they expire?
> "Fred N. van Kempen" <Fred.van.Kempen@microwalt.nl> wrote:
> >> -In Unix, if a packet can't get to an IP via its static or
> >> learned route, will it then always try the default gateway?
> >> -If the above scenario happened in our network, the default
> >> gateway would send it back telling it where to go. Presumably
> >> back to the dead path. Our default gateway wouldn't be able
> >> to get it there.
> >No, the dflt gw would pass it on as expected *and* send back an
> >'icmp redirect' message to the sender saying "hey, I'll forward
> >this for ya, but from now on, use gateway XXX, cos they know
> >more about it."
> >This is the GDM entry you see.
> >> -Would the above scenario constitute a modified redirect?
> >> - Is an "M" flag placed there by Unix, or is it sent from a
> >> network device like the original ICMP redirect that adds
> >> the "D" flag?
> >I believe it gets the M flag when either ttl changes (since 5.1 now
> >has ttls on these) or when the gw address changes.
> >> -What can cause a modified redirect? i.e. what network
> >> devices can add the "M" to the route table.
> >Anything that routes, so, routers, gateways and layer3 switches
> >performing smart switching.
> >> mars# netstat -rn | grep -E 'UGHD|default'
> >> default 10.1.101.254 UGS 6 467279
> >> 10.5.150.24 10.1.101.253 UGHDM 1 36645
> >> 10.6.50.2 10.1.101.253 UGHDM 0 44
> >> 10.6.50.6 10.1.101.253 UGHDM 0 525
> >> 10.8.50.5 10.1.101.253 UGHDM 1 8318
> >This means, that although you were sending everything to
> >that router reported back that although it can route the requested
> >packets, it suggests that you use 10.1.101.253 for that destination
> >instead, as that is a shorter route.
> >It *can* happen when routers get congested.
Do any of the routers between you and the target have a default route that
is equivalent to the new route? If so and the routing table is incomplete,
the intermediate router may have sent the ICMP update to your server.
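
The `netstat -rn | grep -E 'UGHD|default'` check from the thread, extended as an added example that is not part of the original posts: it lists every route carrying the D (created by an ICMP redirect) or M (modified by a redirect) flag and marks those whose gateway is not in a list of expected routers. The function names, the allowlist argument and the last sample row are assumptions made for illustration; the other sample rows are the ones quoted above.

```shell
#!/bin/sh
# Audit `netstat -rn` output for routes installed or changed by ICMP
# redirects. Flag letters follow BSD-style netstat: D = created by a
# redirect, M = modified by a redirect.

# audit_redirect_routes "GW1 GW2 ..."
#   stdin : netstat -rn rows (destination, gateway, flags, ...)
#   arg 1 : space-separated gateways expected as redirect targets
#           (hypothetical allowlist, supplied by the operator)
#   stdout: STATUS KIND DEST via GATEWAY (FLAGS), one line per route
#   exit  : 1 if any redirect route uses a gateway not in the list
audit_redirect_routes() {
    awk -v allowed="$1" '
        BEGIN {
            bad = 0
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Third column must look like a flags field and contain D or M.
        NF >= 3 && $3 ~ /^[A-Z]+$/ && ($3 ~ /D/ || $3 ~ /M/) {
            if ($3 ~ /D/ && $3 ~ /M/) kind = "dynamic+modified"
            else if ($3 ~ /D/)        kind = "dynamic"
            else                      kind = "modified"
            status = ($2 in ok) ? "OK" : "UNEXPECTED"
            if (status == "UNEXPECTED") bad = 1
            printf "%s %s %s via %s (%s)\n", status, kind, $1, $2, $3
        }
        END { exit bad }
    '
}

# Sample rows: the first five are quoted in the thread; the last row is
# constructed to show a redirect pointing at an unlisted gateway.
sample_routes() {
    cat <<'EOF'
default 10.1.101.254 UGS 6 467279
10.5.150.24 10.1.101.253 UGHDM 1 36645
10.6.50.2 10.1.101.253 UGHDM 0 44
10.6.50.6 10.1.101.253 UGHDM 0 525
10.8.50.5 10.1.101.253 UGHDM 1 8318
10.9.9.9 10.1.101.77 UGHD 0 12
EOF
}

sample_routes | audit_redirect_routes "10.1.101.253" \
    || echo "redirect routes via unlisted gateways found"
```

On a live host, replace `sample_routes` with `netstat -rn` and pass the routers you expect to issue redirects.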