Differences between current version and predecessor to the previous major change of ECN.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 4 Last edited on Thursday, August 31, 2006 11:16:51 am by IanMcDonald
Older page: version 3 Last edited on Wednesday, August 30, 2006 3:34:22 pm by CraigBox Revert
@@ -7,11 +7,17 @@
  Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl. 
 Apparently most ECN problems are caused by [CiscoPix] routers dropping [IP] packets that have ECN set. 
+Cisco IOS was fixed in version 12.2(8)T according to this page of Sally Floyd's (one of the authors of ECN) -  
+This version of IOS was released around 2002 or 2003 so if a firewall is still running that version it probably is very insecure too and should be upgraded.  
 If you encounter this problem, you can disable ECN at run time: 
 # echo 0 > /proc/sys/net/ipv4/tcp_ecn 
+It would also be good to tell the site that they are using obsolete, and probably insecure, equipment.