Should routers send redirects by default?

Brandon Ross bross at pobox.com
Fri Aug 20 22:16:35 UTC 2010


On Fri, 20 Aug 2010, Valdis.Kletnieks at vt.edu wrote:

> Until a PC or something on the network gets pwned, and issues selective forged
> ICMP redirects to declare itself a router and the appropriate destination for
> some traffic, which it can then MITM to its heart's content. *Then* you truly
> have a manure-on-fan situation.

I believe the question was along the lines of, "why do I turn this off on 
my router?"

How does turning off ICMP redirects on the router prevent a rogue PC from 
sending ICMP redirects to its neighbors?

I'm in the same boat here.  I know there's a lot of conventional wisdom 
that says to turn it off, but I'm yet to hear a convincing argument as to 
why I should bother.  Now configuring your hosts to ignore them, that I 
could understand.

-- 
Brandon Ross                                              AIM:  BrandonNRoss
                                                                ICQ:  2269442
                                    Skype:  brandonross  Yahoo:  BrandonNRoss
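
Added example, not part of the original message: a passive check for the forged redirects described in the quoted text, flagging any ICMP redirect whose sender is not a known router. The addresses (documentation ranges), the sample packets and the function names are constructed for illustration; a single legitimate gateway is assumed.

```python
import socket
import struct

ICMP_REDIRECT = 5                 # ICMP type 5 (RFC 792)
KNOWN_ROUTERS = {"192.0.2.1"}     # assumption: the LAN's only legitimate gateway

def sample_redirect(sender, host, new_gw, orig_dst):
    """Constructed test data: redirect bytes with zeroed checksums."""
    ip = lambda s: socket.inet_aton(s)
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ip(host), ip(orig_dst)) + b"\x00" * 8
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, ip(new_gw)) + inner
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                        ip(sender), ip(host))
    return outer + icmp

def parse_redirect(packet):
    """Return (sender, new_gateway, original_dst), or None if not an IPv4 ICMP redirect."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None                       # not ICMP, or too short to hold the quoted header
    if packet[ihl] != ICMP_REDIRECT:
        return None
    inner = packet[ihl + 8:]              # header of the datagram that triggered the redirect
    return (socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[ihl + 4:ihl + 8]),
            socket.inet_ntoa(inner[16:20]))

def suspicious_redirects(packets, routers=KNOWN_ROUTERS):
    """Redirects sent by anything other than a known router."""
    return [r for r in map(parse_redirect, packets) if r and r[0] not in routers]

SAMPLE_PACKETS = [
    sample_redirect("192.0.2.1", "192.0.2.50", "192.0.2.2", "198.51.100.7"),
    sample_redirect("192.0.2.66", "192.0.2.50", "192.0.2.66", "198.51.100.7"),
]

if __name__ == "__main__":
    for sender, gw, dst in suspicious_redirects(SAMPLE_PACKETS):
        print(f"redirect from non-router {sender}: send {dst} via {gw}")
```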



