Date: Sun, 10 Feb 2013 13:44:45 -0600 From: Chris Boyd <cboyd@gizmopartners.com> To: freebsd-security@freebsd.org Subject: Re: FreeBSD DDoS protection Message-ID: <1360525485.9680.9.camel@hounddog> In-Reply-To: <321927899.767139.1360461430134@89b1b4b66ec741cb85480c78b68b8dce.nuevasync.com> References: <SNT002-W152BF18F12BD59F112A1CBAE5040@phx.gbl> <321927899.767139.1360461430134@89b1b4b66ec741cb85480c78b68b8dce.nuevasync.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2013-02-09 at 19:57 -0600, khatfield@socllc.net wrote: > > Deny all ICMP (drop I mean) Please DON'T do this. ICMP is a required part of the TCP/IP suite. It breaks Path MTU discovery, leading to oddball issues where some sites can't load graphics, some file transfers break, etc. It makes troubleshooting using traceroute not work. If you don't want to get pinged, then drop echo request/reply. But those are really pretty harmless. --Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1360525485.9680.9.camel>