[NANOG] Microsoft.com PMTUD black hole?

SML sml at lordsargon.com
Wed May 7 22:18:51 UTC 2008


On 7-May-2008, at 17:07:06, Deepak Jain wrote:

> Many non-SP IT folks think they understand TCP, grudgingly accept  
> UDP for DNS from external sources and think everything else is  
> bollocks. Many *might* have a fit if they saw Microsoft accepting  
> ICMPs because that seems inconsistent with their knowledge of turn- 
> the-knob network security. To their view, their Linksys/Netgear/ 
> whathaveyou COTS firewalls block everything too.
>
> I don't think I'm exaggerating here.


No, you are not. I have seen the same from "firewall engineers" at  
large companies, people who, supposedly, have done "network security"  
for years. Even after showing them numerous Web sites detailing  
current best practices, especially Rob Thomas's fine site, these folks  
would not change their practices.

Some days it is hard to not give in to the "I give up" feelings.





More information about the NANOG mailing list