Date: Mon, 27 Oct 2003 16:22:22 +0800 From: "Francis A. Vidal" <francisv-sender-21ebc3@irc.dagupan.com> To: <freebsd-security@freebsd.org> Subject: RE: Best way to filter "Nachi pings"? Message-ID: <1067242946.66995.TMDA@irc.dagupan.com> In-Reply-To: <5.0.2.1.1.20031027080917.020dd378@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
It's also dependent on ICMP time exceeded. -----Original Message----- From: Colin Percival [mailto:colin.percival@wadham.ox.ac.uk] Sent: Monday, October 27, 2003 4:11 PM To: Francis A. Vidal; freebsd-security@freebsd.org Subject: RE: Best way to filter "Nachi pings"? At 16:06 27/10/2003 +0800, Francis A. Vidal wrote: >Wouldn't it break stuff like traceroute? Traceroute is fine -- it uses UDP packets. Tracert, on the other hand, uses ICMP echo request packets, and it suffers. I'm currently on a university network, and when there are connectivity issues (which seems to be quite often) I get very annoyed with the ICMP filtering. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1067242946.66995.TMDA>