|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to block ICMP traffic??
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Re: How to block ICMP traffic??
- From: Sascha Schumann <saschaSCHUMANN.2NS.DE>
- Date: Wed, 23 Jun 1999 16:57:25 +0200
- Approved-By: Russ.CooperRC.ON.CA
- Comments: To: Russ <Russ.CooperRC.ON.CA>
- In-Reply-To: <61143C10CC8AD211A2F10000F878E68306767Cns.rc.on.ca>; from Russ on Wed, Jun 23, 1999 at 09:55:56AM -0400
- References: <61143C10CC8AD211A2F10000F878E68306767Cns.rc.on.ca>
- Reply-To: Sascha Schumann <saschaSCHUMANN.2NS.DE>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
You fail to mention that disabling ICMP completely will completely kill Path MTU discovery as used by modern IP stacks. The effect becomes visible mostly as "stuck" TCP connections. Extensive information on "Path MTU Discovery and Filtering ICMP" is available on: http://www.worldgate.com/~marcs/mtu/ To summarize, one may block ICMP echo/echo reply subtypes, but should leave the other alone. -- Regards, Sascha Schumann Consultant
- References:
- Re: How to block ICMP traffic??
- From: Russ <Russ.CooperRC.ON.CA>
- From: Russ <Russ.Cooper
- Re: How to block ICMP traffic??
- Prev by Date: NT Repair Disk
- Next by Date: Logging IP addresses of illegal logon attempts
- Prev by thread: Re: How to block ICMP traffic??
- Next by thread: Re: How to block ICMP traffic??
- Index(es):