[162220] in North American Network Operators' Group
Re: ICMP Redirect on Resolvers
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Apr 6 19:04:54 2013
To: shawn wilson <ag4ve.us@gmail.com>
In-Reply-To: Your message of "Sat, 06 Apr 2013 10:38:06 -0400."
<CAH_OBid59G4_MXvJ06uG7=y13woPf1hJYRPOywBW__aZ5j3S7Q@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 06 Apr 2013 19:03:23 -0400
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1365289403_1839P
Content-Type: text/plain; charset=us-ascii
On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said:
> What would break if u dropped all ICMP packets with redirects on public
> facing boxes?
Presumably nothing, as long as you guaranteed that your IP address, netmask,
and routes actually match the reality of your network configuration. In that
case, you shouldn't see any valid ICMP redirects. They're there mostly so
things kind-of-sort-of work even if you botch it (so for instance, even if you
whiff your default route accidentally, you can still ssh in from Tokyo and fix
it).
--==_Exmh_1365289403_1839P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBUWCpugdmEQWDXROgAQJU5RAAnUV284WVqne26GZqXt0X1Rqgwxmttg8L
AU1BVErqzS0tK2VPe7sPCeUWa5V3wL1gmXx9/BknfM8qWwWDKsqeecW02NjQJuhG
7bANRUuJhtTa9hcTbuU9PnjFlyuAo3kj//qsMTGL8QlhPBHNPwnLzI1gxoS7RMn9
VtFaFbAsaIMOam1BHAWdFZ5FQAyOfyJ3XSEbynk1Psjh6Ph56ZOxgMKHUJUGBPQX
/PHALc0BIWD0GP3FxJc5rui++HdKxBGqm8mw5zbkDe+9OLTVQOtIXM4RWU+QlFkb
GPyJpB8eU3/nDBjQMPO7fdYU4AjL1zkXw4MFcuYRgcysKqkQ7DoC1U9Y8RkqtIpT
US3gN4SL3VMN6/fpI/aZWpY6HPPBx4cg4/XaKT/sFVqvzqNKqHe6DTc/Lp7A906Z
rbyWQhyZShZ4AEMKvNSHXCey/WmLqlWn43w/zRoZ488a2YDyGh0mhnrnUSKw3KkU
vpYQzejIk0zVC8cCC5yl9nagSo7j88vIRf5W3BWDEHX+SVvhH8oygpuGUQYNpxBC
jdnt0iiuixffP6LPYdQm5W42n8pjjDHT4PJXdRNJc0fVVVdcws/xeGngGrJXBtSd
VPb6H/KANsjXPksgYzI0pAxSmoHjfEg2kknhaqZSw9yCjUdEFbqLEWpL87nWPo3/
CTEtLUSSto4=
=vI5p
-----END PGP SIGNATURE-----
--==_Exmh_1365289403_1839P--
