Date: Sun, 17 Jan 1999 17:51:06 -0700 (MST) From: David G Andersen <danderse@cs.utah.edu> To: ck@adsu.bellsouth.com (Christian Kuhtz) Cc: danny@hilink.com.au, jjwolf@bleeding.com, ben@rosengart.com, madrapour@hotmail.com, freebsd-security@FreeBSD.ORG Subject: Re: Small Servers - ICMP Redirect Message-ID: <199901180051.RAA16892@lal.cs.utah.edu> In-Reply-To: <19990117185047.A97318@oreo.adsu.bellsouth.com> from "Christian Kuhtz" at Jan 17, 99 06:50:47 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Lo and behold, Christian Kuhtz once said: > > ICMP is primarily a diagnostic tool. In a properly configured network, ICMP > is not neccessary. Again, loosen your configs as needed. A lack of ICMP > in a properly configured network is irritating at best, but not life > threatening. This is actually incorrect. ICMP is an important part of path MTU discovery (did I say important? I meant critical). You really don't want to block ICMP_UNREACH_NEEDFRAG messages, because it *will* hurt your performance. That's ICMP type 3, subtype 4, for those of you counting. -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901180051.RAA16892>