From owner-freebsd-security Sun Jan 17 16:27:47 1999
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id QAA00594
        for freebsd-security-outgoing; Sun, 17 Jan 1999 16:27:47 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from echonyc.com (echonyc.com [198.67.15.2])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00589
        for ; Sun, 17 Jan 1999 16:27:46 -0800 (PST)
        (envelope-from benedict@echonyc.com)
Received: from localhost
        by echonyc.com (8.9.1/8.9.1) with ESMTP id TAA06919;
        Sun, 17 Jan 1999 19:27:30 -0500 (EST)
Date: Sun, 17 Jan 1999 19:27:30 -0500 (EST)
From: Snob Art Genre
Reply-To: ben@rosengart.com
To: Christian Kuhtz
cc: "Daniel O'Callaghan", Justin Wolf, ben@rosengart.com, "N. N.M",
        freebsd-security@FreeBSD.ORG
Subject: Re: Small Servers - ICMP Redirect
In-Reply-To: <19990117185047.A97318@oreo.adsu.bellsouth.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 17 Jan 1999, Christian Kuhtz wrote:

> With all due respect, ICMP source quenches are in my experience not a regular
> occurrence (even though it'd be nice to get them more frequently) and even if
> they occur, most stacks don't know how to deal with it correctly.
>
> ICMP is primarily a diagnostic tool.  In a properly configured network, ICMP
> is not necessary.  Again, loosen your configs as needed.  A lack of ICMP
> in a properly configured network is irritating at best, but not life
> threatening.

I disagree.  ICMP is *required* for Solaris' path MTU discovery, for host
unreachable messages, and for UDP port unreachables.  There are probably
several other applications that break without ICMP.  ICMP is not
optional, it's part of the Internet Protocol.

I agree about source quenches though.

Ben

"You have your mind on computers, it seems."