NNSquad - Network Neutrality Squad
[ NNSquad ] Re: [IP] Re: a wise word from a long time network person -- Merccurynews report on Stanford hearing
No, it isn't. Your firewalling analogy doesn't hold up either; the
correct response from a firewall should be an ICMP Type 3 packet
(destination unreachable) with a code of either 9, 10, or 13 (the
"administratively prohibited" codes). The correct response for
traffic management is an ICMP Source Quench message. None of these
require forgery of IP headers or TCP flags.
--
William S. Duncanson
caesar@starkreality.com
[ I'd prefer not to slide into a firewall response argument right
now. Let's consider this thread closed here for the time being
-- it can be continued on the NNSquad Forum if desired.
-- Lauren Weinstein
NNSquad Moderator ]
- - -
> -----Original Message-----
> From: nnsquad-bounces+caesar=starkreality.com@nnsquad.org [mailto:nnsquad-
> bounces+caesar=starkreality.com@nnsquad.org] On Behalf Of Brett Glass
> Sent: Tuesday, April 22, 2008 16:30
> To: nnsquad
> Subject: [ NNSquad ] Re: [IP] Re: a wise word from a long time network person
> -- Merccurynews report on Stanford hearing
>
> My objection has been to the use of the pejorative term "forging" or
> "forgery." A RST packet is a perfectly good and legitimate way of
> informing the ends of a TCP socket that it is being terminated.
>
> To understand why, think about what would happen if the socket were
> merely blocked by firewalling. The two sides would retry... and retry...
> and retry before giving up. And by doing so, they'd congest the
> network -- defeating the very purpose of terminating the socket. RST
> packets, on the other hand, inform the two sides that the socket has
> been terminated and there is no point in continuing to retry. Fast,
> efficient, and actually better for the ends (in terms of resource
> consumption) than the alternative.
>