Date: Sun, 17 Jan 1999 19:27:30 -0500 (EST) From: Snob Art Genre <benedict@echonyc.com> To: Christian Kuhtz <ck@adsu.bellsouth.com> Cc: "Daniel O'Callaghan" <danny@hilink.com.au>, Justin Wolf <jjwolf@bleeding.com>, ben@rosengart.com, "N. N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: Small Servers - ICMP Redirect Message-ID: <Pine.GSO.4.05.9901171920280.5038-100000@echonyc.com> In-Reply-To: <19990117185047.A97318@oreo.adsu.bellsouth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 17 Jan 1999, Christian Kuhtz wrote: > With all due respect, ICMP source quenches are in my experience not a regular > occurance (even though it'd be nice to get them more frequently) and even if > they occur, most stacks don't know how to deal with it correctly. > > ICMP is primarily a diagnostic tool. In a properly configured network, ICMP > is not neccessary. Again, loosen your configs as needed. A lack of ICMP > in a properly configured network is irritating at best, but not life > threatening. I disagree. ICMP is *required* for Solaris' path MTU discovery, for host unreachable messages, and for UDP port unreachables. There are probably serveral other applications that break without ICMP. ICMP is not optional, it's part of the Internet Protocol. I agree about source quenches though. Ben "You have your mind on computers, it seems." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.05.9901171920280.5038-100000>