gabriel rosenkoetter on Sun, 28 Oct 2001 17:35:07 -0500



Re: [PLUG] problem accessing techrepublic.com


On Sun, Oct 28, 2001 at 05:06:07PM -0500, Michael C. Toren wrote:
> It looks like www.techrepublic.com is sitting behind a silly
> firewall which doesn't like TCP SYN packets that have the ECN
> (Explicit Congestion Notification; RFC2481) bits set.

That's not just silly, it's totally broken. You can't just go
dropping packets because they're using the reserved field in a way
you don't recognize without at least sending an ICMP unreachable or
something. The whole point of TCP/IP is that it's robust enough that
you can probably just ignore that data and things will work out.

Though it doesn't explicitly mention this kind of thing (at least,
not to my quick glance), as I had hoped that it would, this
definitely flies in the face of the principles behind RFC 2979
(Behavior of and Requirements for Internet Firewalls).

Send them an angry email, refuse to use their service. Or give in
and modify your local TCP stack to keep them happy. I know what I'd
do...

-- 
       ~ g r @ eclipsed.net

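
Added example, not part of the original message: a sketch of the failure described in this thread, comparing a filter rule that rejects any SYN carrying the ECN-Echo/CWR flags (formerly reserved TCP header bits) with one that masks them before judging the packet. The function names, the rule logic and the sample headers are constructed for illustration; the thread does not say how the firewall in question is implemented.

```python
import struct

# Flag bits in byte 13 of the TCP header. ECE and CWR were carved out of
# the reserved field by the ECN specification (RFC 2481).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def build_tcp_header(flags, sport=40000, dport=80, seq=1):
    """Constructed 20-byte TCP header: no options, checksum left at 0."""
    offset_reserved = 5 << 4  # data offset of 5 words, reserved nibble zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                       offset_reserved, flags, 65535, 0, 0)

def tcp_flags(header):
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]

def is_ecn_setup_syn(header):
    """True for an initial SYN that advertises ECN (SYN + ECE + CWR, no ACK)."""
    return tcp_flags(header) & (SYN | ACK | ECE | CWR) == (SYN | ECE | CWR)

def _judge_new_connection(flags):
    # Simplified: only the opening SYN is judged; state tracking is omitted.
    if flags & SYN and not flags & ACK:
        return "accept" if flags == SYN else "drop"
    return "accept"

def strict_filter(header):
    """Hypothetical broken rule: unknown bits on a SYN mean a silent drop."""
    return _judge_new_connection(tcp_flags(header))

def tolerant_filter(header):
    """Hypothetical fixed rule: ignore ECE/CWR, still reject e.g. SYN+FIN."""
    return _judge_new_connection(tcp_flags(header) & ~(ECE | CWR) & 0xFF)

if __name__ == "__main__":
    samples = {"plain SYN": SYN, "ECN-setup SYN": SYN | ECE | CWR,
               "SYN+FIN": SYN | FIN}
    for name, flags in samples.items():
        hdr = build_tcp_header(flags)
        print(f"{name:14} flags=0x{tcp_flags(hdr):02x} "
              f"strict={strict_filter(hdr)} tolerant={tolerant_filter(hdr)}")
```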