Chapter 9

p. 118

The reason that ``host unreachable'' is now generated instead of ``network unreachable'' is that it might only be a sub-net that was unreachable, but a host on a different network has no way of knowing the sub-net mask that defines the sub-net. Hence, if ```network unreachable'' were generated, the recipient might erroneously conclude that the whole Class A/B/C network was unreachable, whereas in fact other sub-nets might still be reachable. This problem arises because sub-netting is a later addition to the IP suite. The problem gets worse with CIDR (p. 140), since there is now no way to determine remotely whether two hosts are on the same network.

p. 119

There are now several more ``top-level routing domains'': for example, the London router on SuperJANET 4 has to decide whether a packet is destined for:

1. elsewhere in JANET, and if so which other JANET node it should be forwarded to;
2. elsewhere in Britain (e.g. Freeserve), in which case it should be sent to LINX³¹;
3. elsewhere in Europe (including the Middle East and parts of Africa), in which case it is sent to TEN155³²;
4. the rest of the world, in which case it is sent over the ``fat pipes'' (4 155Mbps links) to North America.

These routing decisions require knowing where every network is, or can be reached. More accurately, we need to know how every block of networks can be reached: for example an InterNIC or AP-NIC (see the second note of page 8) block of networks can all be aggregated into a single ``super-net'' and sent as in 4 above, without knowing where the end point is.

p. 123

Note the various checks that 4.4 BSD performs (and other systems should perform). As noted here, a malicious host could generate spurious redirects, this disrupting traffic or directing it via a subverted node. However, the second check 2 is somewhat misleading. One can check that the ``indirect is from the current router'', but an IP-level check is not very useful, since a host can insert a packet with a false source address³³. A Level-2 check on the address will not work for PPP (where there are no Level-2 addresses) or in the presence of proxy ARPing (page 60 and the Appendix). Hence this check is not as strong as it looks.

p. 123

Note that sub-netting is an addition to IP after ICMP (in particular redirects) was defined, and hence there is no provision for sending sub-net masks with a redirect. This explains the notes at the end of section 9.5 about having to send host redirects rather than network redirects.

p. 125

Router discovery is not as new as it was in 1994, and more hosts and routers now support it. However, we should note that every router on a sub-net has to support it before it becomes truly useful, so its use is not as wide-spread as could be hoped for.

It should be noted that there is no security on router discovery, and this weakness has been exploited. See http://www.L0pht.com/advisories/rdp.txt for details. Firewalls should certainly block these packets.