Re: Getting "ICMP Host redirect from gateway" response



On Tue, 29 May 2007 19:40:11 -0500, Moe Trin wrote:

On Tue, 29 May 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <f3hkpp$q08$01$1@xxxxxxxxxxxxxxxxx>, Burkhard Ott wrote:

ianbrn@xxxxxxxxx wrote:

I want to be able to ping machines and get "ICMP Host redirect from
gateway" (for learning more about ICMP redirects).

If 192.168.0.253 has 192.168.0.254 as default gw and your host is using
192.168.0.253 as default gw and you ping an external IP which is not
reachable via broadcast (e.g. 172.30.254.1) then you should receive a
nice icmp redirect by the time you ping the external IP.

I suspect you'll get an ICMP Type 3 Code 0 "Network unreachable" rather
than a redirect. Where would you be redirected to? A "redirect" occurs

No, you'll be redirected because .253 and .254 are reachable via
broadcast and .253 has .254 as default gw so he should send this
redirect message to all hosts (.1-.252). They are also able to reach the
default gw directly.

when the router knows of a "better" route. See section 4.3.3.2
of RFC1812, which begins

4.3.3.2 Redirect

The ICMP Redirect message is generated to inform a local host that it
should use a different next hop router for certain traffic.

Yep, that's how it works.

and compare that to section 4.3.3.1, the first part of which says

4.3.3.1 Destination Unreachable

If a router cannot forward a packet because it has no routes at all
(including no default route) to the destination specified in the
packet, then the router MUST generate a Destination Unreachable, Code
0 (Network Unreachable) ICMP message.

That message could come from .254 if the dest. were not reachable.


Keep an eye on
/proc/sys/net/ipv4/conf/all/accept_redirects

Agreed - many O/S ignore them to prevent Denial Of Service attacks

Also wrong, not denial of service: you could route all packets to your host
if you send a redirect to the hosts. There is a big difference, because if
your host acts as a router nobody will feel this difference (all requests
will be answered). So now you can sniff for username:passwd etc.
If you DoS a host/router everybody will send an email to his system
administrator and he will check that in a short time.
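
The `accept_redirects` setting named in the thread, as an added example that is not part of any poster's message: a shell audit that works out, per interface, whether Linux will really accept IPv4 ICMP redirects. The `all` file alone does not decide this; the kernel combines it with the per-interface value and the interface's `forwarding` flag. The function names and the root-directory parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-interface audit of IPv4 ICMP redirect acceptance.
# ROOT defaults to the real sysctl tree; it is a parameter (assumption of
# this example) so the logic can be run against a constructed directory.

# Read a 0/1 sysctl file; print 0 when it is missing or unreadable.
read_flag() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf '0'
    fi
}

# effective_accept_redirects ROOT IFACE -> prints 1 (accepted) or 0 (ignored)
# Kernel rule (Documentation/networking/ip-sysctl):
#   forwarding on  -> conf/all AND conf/IFACE must both be 1
#   forwarding off -> conf/all OR  conf/IFACE being 1 is enough
effective_accept_redirects() {
    root=$1 iface=$2
    all=$(read_flag "$root/all/accept_redirects")
    own=$(read_flag "$root/$iface/accept_redirects")
    fwd=$(read_flag "$root/$iface/forwarding")
    if [ "$fwd" = 1 ]; then
        [ "$all" = 1 ] && [ "$own" = 1 ] && { echo 1; return; }
    else
        { [ "$all" = 1 ] || [ "$own" = 1 ]; } && { echo 1; return; }
    fi
    echo 0
}

# audit_redirects [ROOT] -> one "iface accept=N" line per interface;
# returns 1 if any interface still accepts redirects, 0 otherwise.
audit_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        eff=$(effective_accept_redirects "$root" "$iface")
        echo "$iface accept=$eff"
        [ "$eff" = 1 ] && rc=1
    done
    return $rc
}
```

On a non-forwarding host, setting only `conf/all/accept_redirects` to 0 is not enough: any interface whose own value is 1 still accepts redirects, so both need to be 0.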