[prev in list] [next in list] [prev in thread] [next in thread]
List: nanog
Subject: Re: [nsp] known networks for broadcast ping attacks
From: Sean Donelan <SEAN () SDG ! DRA ! COM>
Date: 1997-07-31 0:02:02
[Download RAW message or body]
>Well, I've been filtering ICMP for quite a while at my border routers,
>and other than the occasional braindead sendmail configuration, and
>the fact that Solaris ping can't handle the "Administratively prohibited"
>return from the IOS filter rule, I've yet to see a major downside.
Under certain conditions filtering all ICMP messages will break
Path MTU discovery. Check your router vendor's documentation for
information about filtering types of ICMP messages.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic