Date: Sun, 17 Jan 1999 16:30:56 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Christian Kuhtz <ck@adsu.bellsouth.com> Cc: "Daniel O'Callaghan" <danny@hilink.com.au>, Justin Wolf <jjwolf@bleeding.com>, ben@rosengart.com, "N. N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: Small Servers - ICMP Redirect Message-ID: <199901180030.QAA54407@apollo.backplane.com> References: <007701be4256$f01ff740$02c3fe90@cisco.com> <Pine.BSF.3.96.990118085344.15297A-100000@enya.clari.net.au> <19990117185047.A97318@oreo.adsu.bellsouth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:With all due respect, ICMP source quenches are in my experience not a regular
:occurance (even though it'd be nice to get them more frequently) and even if
:they occur, most stacks don't know how to deal with it correctly.
:
:ICMP is primarily a diagnostic tool. In a properly configured network, ICMP
:is not neccessary. Again, loosen your configs as needed. A lack of ICMP
:in a properly configured network is irritating at best, but not life
:threatening.
:
:Cheers,
:Chris
ICMP is definitely not just a diagnostic tool, and it is put to good use
in a properly configured network. For example, Path MTU Discovery
uses ICMP ( RFC 1191 ). ICMP is not something you want to arbitrarily
filter. At the very least you want to let through the various
unreachability messages.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901180030.QAA54407>