[nsp] known networks for broadcast ping attacks
Sean Donelan
SEAN at SDG.DRA.COM
Thu Jul 31 00:02:02 UTC 1997
>Well, I've been filtering ICMP for quite a while at my border routers,
>and other than the occasional braindead sendmail configuration, and
>the fact that Solaris ping can't handle the "Administratively prohibited"
>return from the IOS filter rule, I've yet to see a major downside.
Under certain conditions filtering all ICMP messages will break
Path MTU discovery. Check your router vendor's documentation for
information about filtering types of ICMP messages.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
More information about the NANOG
mailing list