From: Mark Felder
To: khatfield@socllc.net, Janne Snabb
Cc: freebsd-isp@freebsd.org, freebsd-security@freebsd.org, James Howlett
Subject: Re: FreeBSD DDoS protection
Date: Tue, 12 Feb 2013 10:11:42 -0600

On Sun, 10 Feb 2013 06:48:08 -0600, Janne Snabb wrote:

> Please do not drop all ICMP unless you understand what you are doing. By
> doing that you are creating a path MTU discovery blackhole.

I was coming here to say the exact thing.

Dropping ICMP is not a security method. Please stop doing this!
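
The path MTU discovery blackhole mentioned in this message, as an added example that is not part of the original thread: a small Python model of a sender behind two filter policies. The function names, the policies and the sample packets are constructed for illustration; only the ICMP field layouts (RFC 1191 type 3 code 4, ICMPv6 type 2) are standard.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a valid ICMPv4 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp4(typ: int, code: int, rest: int, payload: bytes) -> bytes:
    """Constructed sample ICMPv4 message with a correct checksum."""
    body = struct.pack("!BBHI", typ, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def pmtud_mtu(version: int, msg: bytes):
    """Next-hop MTU if msg is a PMTUD signal, else None."""
    if len(msg) < 8:
        return None
    typ, code = msg[0], msg[1]
    if version == 4 and (typ, code) == (3, 4) and inet_checksum(msg) == 0:
        mtu = struct.unpack("!H", msg[6:8])[0]   # RFC 1191: low 16 bits
        return mtu or None                       # 0 = pre-RFC 1191 router
    if version == 6 and typ == 2:                # Packet Too Big; checksum
        return struct.unpack("!I", msg[4:8])[0]  # needs pseudo-header, skipped
    return None

def drop_all_icmp(version, msg):   # the policy the thread warns against
    return False

def keep_pmtud(version, msg):      # drops other ICMP, keeps the MTU signal
    return pmtud_mtu(version, msg) is not None

def learned_path_mtu(initial, inbound, policy):
    """Path MTU the sender ends up using after the filter has run."""
    mtu = initial
    for version, msg in inbound:
        if policy(version, msg):
            hop = pmtud_mtu(version, msg)
            if hop is not None and hop < mtu:
                # never go below the protocol minimum MTU (68 v4, 1280 v6)
                mtu = max(hop, 68 if version == 4 else 1280)
    return mtu

QUOTED = b"\x45" + b"\x00" * 27                   # constructed: IP header + 8 bytes
INBOUND = [
    (4, build_icmp4(8, 0, 0x00010001, b"ping")),  # echo request
    (4, build_icmp4(3, 4, 1400, QUOTED)),         # frag needed, next-hop MTU 1400
]
```

With `drop_all_icmp` the sender keeps using 1500-byte packets that the 1400-byte hop silently discards; with `keep_pmtud` it learns 1400 while echo requests are still dropped.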