
List:       nanog
Subject:    Re: [nsp] known networks for broadcast ping attacks
From:       Sean Donelan <SEAN () SDG ! DRA ! COM>
Date:       1997-07-31 0:02:02

>Well, I've been filtering ICMP for quite a while at my border routers, 
>and other than the occasional braindead sendmail configuration, and
>the fact that Solaris ping can't handle the "Administratively prohibited" 
>return from the IOS filter rule, I've yet to see a major downside.

Under certain conditions filtering all ICMP messages will break
Path MTU discovery.  Check your router vendor's documentation for
information about filtering types of ICMP messages.

-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation
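
Added example, not part of the original message: a small first-match filter model showing why a blanket ICMP deny drops the "Fragmentation Needed" message (type 3, code 4) that Path MTU discovery depends on, and that a selective rule placed ahead of the deny keeps it working. The rule tuple format, the names and the sample packet are assumptions constructed for illustration, not any vendor's syntax.

```python
import struct

# ICMPv4 Destination Unreachable / Fragmentation Needed and DF set (RFC 1191)
FRAG_NEEDED = (3, 4)

def parse_icmp(header: bytes):
    """Return (type, code, next_hop_mtu) from the first 8 bytes of an ICMPv4 message.

    next_hop_mtu is None unless the message is Fragmentation Needed.
    """
    if len(header) < 8:
        raise ValueError("ICMP header needs at least 8 bytes")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", header[:8])
    return icmp_type, code, (mtu if (icmp_type, code) == FRAG_NEEDED else None)

def evaluate(rules, icmp_type, code):
    """First-match evaluation. Each rule is (action, type, code); None is a wildcard."""
    for action, r_type, r_code in rules:
        if r_type in (None, icmp_type) and r_code in (None, code):
            return action
    return "deny"  # nothing matched: implicit deny, as at the end of an IOS access list

def breaks_pmtud(rules):
    """True if the rule set would drop the message PMTUD relies on."""
    return evaluate(rules, *FRAG_NEEDED) != "permit"

# Hypothetical rule sets (constructed for this example)
BLANKET = [("deny", None, None)]                       # filter all ICMP
SELECTIVE = [("permit", 3, 4), ("deny", None, None)]   # keep PMTUD, drop the rest
MISORDERED = [("deny", None, None), ("permit", 3, 4)]  # permit is never reached

# Constructed sample: type 3, code 4, checksum 0 (not validated here), next-hop MTU 1400
SAMPLE = struct.pack("!BBHHH", 3, 4, 0, 0, 1400)

if __name__ == "__main__":
    icmp_type, code, mtu = parse_icmp(SAMPLE)
    for name, rules in (("blanket", BLANKET), ("selective", SELECTIVE),
                        ("misordered", MISORDERED)):
        print(f"{name}: type {icmp_type} code {code} mtu {mtu} -> "
              f"{evaluate(rules, icmp_type, code)}, breaks PMTUD: {breaks_pmtud(rules)}")
```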
