From owner-freebsd-security  Sat Mar 24 18:47:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 92FE737B71A
	for <freebsd-security@freebsd.org>; Sat, 24 Mar 2001 18:47:32 -0800 (PST)
	(envelope-from cjc@rfx-216-196-73-168.users.reflexcom.com)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Sat, 24 Mar 2001 18:45:25 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.3/8.11.1) id f2P2lKB02277;
	Sat, 24 Mar 2001 18:47:20 -0800 (PST)
	(envelope-from cjc)
Date: Sat, 24 Mar 2001 18:47:09 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Chris Byrnes <chris@jeah.net>
Cc: scanner@jurai.net, Marc Rogers <marcr@shady.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: DoS attack - advice needed
Message-ID: <20010324184709.A797@cjc-desktop.users.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.21.0103221239120.62375-100000@sasami.jurai.net> <Pine.BSF.4.33.0103221153370.12333-100000@awww.jeah.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.33.0103221153370.12333-100000@awww.jeah.net>; from chris@jeah.net on Thu, Mar 22, 2001 at 11:54:25AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Mar 22, 2001 at 11:54:25AM -0600, Chris Byrnes wrote:
> > Idiots is a subjective term. Anyway. Ill tell you why you can't just *flip
> > off* ICMP. It's an integral part of IP. http://users.worldgate.com/~marcs/mtu/
> > Alot of people need to take some "Protocol 101" classes. If you dont like
> > how ICMP works. I dont care. It's your broken network not mine. But the
> > fact is you can't filter the entire protocol without consequences. If you
> > choose to ignore said consequences well again it's your broken network not
> > mine. I dont care.
> 
> Wow, buddy.  Seriously, come on.
> 
> You don't have to get personal about it.  I asked a valid question, and
> people gave me some valid answers.  You, however, seem personally insulted
> by the fact that I don't want ICMP turned on.

People get really peeved about ICMP breakage when someone upstream
from them breaks it for them. It also is really annoying when your
users start complaining to _you_ when someone else has broken their
own services.

I've had PMTU discovery broken by someone upstream and it is _very_
frustrating.

Feel free to break your own network provided that no one else has to
live with it too.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message