Never respond to 0-length UDP packets. Reduces, but does not eliminate

probability that isakmp service will be detected during port scans.
OK hoexer@

1 files changed, 2 insertions, 3 deletions

diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 47b89ce2256..6c03c1888bd 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.94 2005/02/22 21:42:14 hshoexer Exp $	 */
+/* $OpenBSD: message.c,v 1.95 2005/02/24 00:30:41 cloder Exp $	 */
 /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $	 */
 
 /*
@@ -1234,8 +1234,7 @@ message_recv(struct message *msg)
 	/* Messages shorter than an ISAKMP header are bad.  */
 	if (sz < ISAKMP_HDR_SZ || sz != GET_ISAKMP_HDR_LENGTH(buf)) {
 		log_print("message_recv: bad message length");
-		message_drop(msg, ISAKMP_NOTIFY_UNEQUAL_PAYLOAD_LENGTHS,
-		    0, 1, 1);
+		message_drop(msg, 0, 0, 1, 1);
 		return -1;
 	}
 #ifdef USE_DEBUG