[nsp] known networks for broadcast ping attacks

Sean Donelan SEAN at SDG.DRA.COM
Thu Jul 31 00:02:02 UTC 1997


>Well, I've been filtering ICMP for quite a while at my border routers, 
>and other than the occasional braindead sendmail configuration, and
>the fact that Solaris ping can't handle the "Administratively prohibited" 
>return from the IOS filter rule, I've yet to see a major downside.

Under certain conditions filtering all ICMP messages will break
Path MTU discovery.  Check your router vendor's documentation for
information about filtering types of ICMP messages.

-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation



More information about the NANOG mailing list