[11500] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Jul 30 20:30:54 1997
Date: Wed, 30 Jul 1997 19:02:02 -0500
From: Sean Donelan <SEAN@SDG.DRA.COM>
To: nanog@merit.edu
>Well, I've been filtering ICMP for quite a while at my border routers,
>and other than the occasional braindead sendmail configuration, and
>the fact that Solaris ping can't handle the "Administratively prohibited"
>return from the IOS filter rule, I've yet to see a major downside.
Under certain conditions filtering all ICMP messages will break
Path MTU discovery. Check your router vendor's documentation for
information about filtering types of ICMP messages.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
