Date: Sun, 17 Jan 1999 17:35:16 -0500 (EST) From: Snob Art Genre <benedict@echonyc.com> To: Justin Wolf <jjwolf@bleeding.com> Cc: "Daniel O'Callaghan" <danny@hilink.com.au>, freebsd-security@FreeBSD.ORG, "N. N.M" <madrapour@hotmail.com> Subject: Re: Small Servers - ICMP Redirect Message-ID: <Pine.GSO.4.05.9901171728460.9335-100000@echonyc.com> In-Reply-To: <001101be4265$88868540$02c3fe90@cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 17 Jan 1999, Justin Wolf wrote: > I believe I had read the question and that my response was applicable. > Perhaps you should read the responses again? Blocking ICMP-redirects is > definately advisable - I was suggesting that ICMP messages not be blocked on > the whole. I appologize if my wording, or the wording of Daniel, is > misleading... The question only concerned redirects. You're correct that blocking all ICMP is harmful, but I don't believe the original poster was considering that policy. On further reflection, I have one thing to add: it seems to me that redirects sent to the firewall router itself may or may not be trusted, depending whom you're talking to, but keeping them from entering your network is a good idea. Ben "You have your mind on computers, it seems." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.05.9901171728460.9335-100000>