Should routers send redirects by default?
Brandon Ross
bross at pobox.com
Fri Aug 20 22:16:35 UTC 2010
On Fri, 20 Aug 2010, Valdis.Kletnieks at vt.edu wrote:
> Until a PC or something on the network gets pwned, and issues selective forged
> ICMP redirects to declare itself a router and the appropriate destination for
> some traffic, which it can then MITM to its heart's content. *Then* you truly
> have a manure-on-fan situation.
I believe the question was along the lines of, "why do I turn this off on
my router?"
How does turning off ICMP redirects on the router prevent a rouge PC from
sending ICMP redirects to it's neighbors?
I'm in the same boat here. I know there's a lot of conventional wisdom
that says to turn it off, but I'm yet to hear a convincing argument as to
why I should bother. Now configuring your hosts to ignore them, that I
could understand.
--
Brandon Ross AIM: BrandonNRoss
ICQ: 2269442
Skype: brandonross Yahoo: BrandonNRoss
More information about the NANOG
mailing list