Home page logo
/

nanog logo nanog mailing list archives

Re: ICMP Redirect on Resolvers
From: Valdis.Kletnieks () vt edu
Date: Sat, 06 Apr 2013 19:03:23 -0400

On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said:

What would break if u dropped all ICMP packets with redirects on public
facing boxes?

Presumably nothing, as long as you guaranteed that your IP address, netmask,
and routes actually match the reality of your network configuration.  In that
case, you shouldn't see any valid ICMP redirects.  They're there mostly so
things kind-of-sort-of work even if you botch it (so for instance, even if you
whiff your default route accidentally, you can still ssh in from Tokyo and fix
it).

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]