> In article <19990914082132.N16326@pointer.teuto.de> you wrote:
> > Just send a port / destination unreachable.
>
> actually a RST, since ICMPs might get ignored for established connectons
> (the reasons are flaky routes generate them often for no good reason)
They are not ignored. They are saved as TCP soft error and delivered on a timeout.
Spoofing TCP is generally a bad idea. When someone tries to spoof or is
misconfigured to accidentially spoof he can surely eat a timeout. It is not
a common case.
But in this case it does not matter anyways: Unless you turn on that
spoofing filter during active connections (unlikely), it will always see the
initial connection establishment. In this case ICMPs are reported after
30-60s.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/