[128938] in North American Network Operators' Group
Re: Should routers send redirects by default?
daemon@ATHENA.MIT.EDU (Brandon Ross)
Fri Aug 20 18:16:50 2010
Date: Fri, 20 Aug 2010 18:16:35 -0400 (EDT)
From: Brandon Ross <bross@pobox.com>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <156200.1282341272@localhost>
Cc: nanog list <nanog@nanog.org>
On Fri, 20 Aug 2010, Valdis.Kletnieks@vt.edu wrote:
> Until a PC or something on the network gets pwned, and issues selective forged
> ICMP redirects to declare itself a router and the appropriate destination for
> some traffic, which it can then MITM to its heart's content. *Then* you truly
> have a manure-on-fan situation.
I believe the question was along the lines of, "why do I turn this off on
my router?"

How does turning off ICMP redirects on the router prevent a rogue PC from
sending ICMP redirects to its neighbors?

I'm in the same boat here. I know there's a lot of conventional wisdom
that says to turn it off, but I'm yet to hear a convincing argument as to
why I should bother. Now configuring your hosts to ignore them, that I
could understand.
--
Brandon Ross AIM: BrandonNRoss
ICQ: 2269442
Skype: brandonross Yahoo: BrandonNRoss
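
The distinction drawn in the message above, between a router that sends redirects and a host that accepts them, can be checked from the host side of the LAN. The following is an added example, not part of the original post: a monitor that parses captured IPv4 ICMP redirects and flags ones a host should not honour. The function names, the known-router list and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

# Added example; addresses are documentation ranges, packets are constructed.
def _ip(a):
    return ipaddress.IPv4Address(a)

def parse_redirect(packet):
    """Return (sender, new_gateway, redirected_dst) for an IPv4 ICMP redirect, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # protocol 1 = ICMP; need the 8-byte ICMP header plus the embedded IP header
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 5:  # ICMP type 5 = Redirect (RFC 792)
        return None
    # gateway address follows the 4-byte ICMP header; embedded dst is at +16
    return _ip(packet[12:16]), _ip(icmp[4:8]), _ip(icmp[24:28])

def check_redirect(packet, first_hop, local_net, known_routers):
    """Classify a captured packet as seen on the host's LAN segment."""
    parsed = parse_redirect(packet)
    if parsed is None:
        return "not-redirect"
    sender, new_gw, dst = parsed
    if sender != _ip(first_hop):
        return f"suspicious: sender {sender} is not the first-hop router"
    if new_gw not in ipaddress.ip_network(local_net):
        return f"suspicious: new gateway {new_gw} is off-link"
    if str(new_gw) not in known_routers:
        return f"suspicious: new gateway {new_gw} for {dst} is not a known router"
    return "plausible"

def build_redirect(src, host, new_gw, orig_dst):
    """Constructed sample packet; checksums are left zero and not checked above."""
    def ip_hdr(s, d, proto, total):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                           _ip(s).packed, _ip(d).packed)
    inner = ip_hdr(host, orig_dst, 6, 40) + b"\x00" * 8
    icmp = struct.pack("!BBH4s", 5, 1, 0, _ip(new_gw).packed) + inner
    return ip_hdr(src, host, 1, 20 + len(icmp)) + icmp
```

The sender and on-link checks are the ones RFC 1122 asks hosts to apply before honouring a redirect; the known-router check still fires when the redirect carries the real router's source address but names some other machine as the new gateway.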