mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: Sean Donelan <SEAN () SDG DRA COM>
Date: Wed, 30 Jul 1997 19:02:02 -0500
Well, I've been filtering ICMP for quite a while at my border routers,
and other than the occasional braindead sendmail configuration, and
the fact that Solaris ping can't handle the "Administratively prohibited"
return from the IOS filter rule, I've yet to see a major downside.
Under certain conditions filtering all ICMP messages will break
Path MTU discovery. Check your router vendor's documentation for
information about filtering types of ICMP messages.
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation