Re: Rejecting udp - Manuel Samper

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Manuel Samper <manuel@samper.dyndns.org>
To: netfilter@lists.netfilter.org
Subject: Re: Rejecting udp
Date: Thu, 6 Mar 2003 20:53:59 +0100	[thread overview]
Message-ID: <20030306195359.GA28937@quark.lan> (raw)
In-Reply-To: <33803.192.222.90.38.1046775610.squirrel@pelorus.org>

Skip Morrow, on Tuesday, Mar  4 2003 at 12:00, wrote:
> I am trying to remember my networking class (/me shakes the cobwebs out)
> 
> I think that the original question is a good question.  UDP packets
> (legitimately) arriving at my computer are not acknowledged.  That is, I
> don't tell the sender "Yeah, I got that packet.  Thanks."  Nor, do I tell
> the sender "Whoops.  I didn't quite get all of that last packet.  Could
> you send it again?" So, REJECTing a UDP packet doesn't make sense.  The
> sender isn't looking for any type of OK message or anything for that
> matter.  In fact, where would the REJECT message go?  Does the sender even
> have a listen port open?
> 
> But then again, I could be completely wrong.

Maybe. UDP connectionless means any protocol lying on top should
implement their own connection tracking mechanism if it wants one, tftp
is an example that comes to my mind (http://www.ietf.org/rfc/rfc1350.txt
if you are curious).

I don't knwon the SMB internals, but it's wise to reject a blocked port
from inside your lan instead of let any timeouts expire, as someone
noted.

	Manuel

     prev parent reply	other threads:[~2003-03-06 19:53 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-03-03 17:28 Rejecting udp Michael K
2003-03-03 17:38 ` Athan
2003-03-03 20:14   ` Arnt Karlsen
2003-03-04  0:08 ` Willem Oldeman
2003-03-04  2:42   ` Skip Morrow
2003-03-06 10:53     ` Michael J. Tubby B.Sc. (Hons) G8TIC
2003-03-04 11:00   ` Skip Morrow
2003-03-04 11:26     ` Raymond Leach
2003-03-04 13:31       ` Skip Morrow
2003-03-04 23:51         ` Arnt Karlsen
2003-03-05 10:03           ` Maciej Soltysiak
2003-03-06 19:53     ` Manuel Samper [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030306195359.GA28937@quark.lan \
    --to=manuel@samper.dyndns.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox