Home page logo
/

nanog logo nanog mailing list archives

Re: [nsp] known networks for broadcast ping attacks
From: Sean Donelan <SEAN () SDG DRA COM>
Date: Wed, 30 Jul 1997 19:02:02 -0500

Well, I've been filtering ICMP for quite a while at my border routers, 
and other than the occasional braindead sendmail configuration, and
the fact that Solaris ping can't handle the "Administratively prohibited" 
return from the IOS filter rule, I've yet to see a major downside.

Under certain conditions filtering all ICMP messages will break
Path MTU discovery.  Check your router vendor's documentation for
information about filtering types of ICMP messages.

-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]