[79617] in North American Network Operators' Group


Re: ICMP Vulnerability

daemon@ATHENA.MIT.EDU (Dean Anderson)
Tue Apr 12 10:37:48 2005

Date: Tue, 12 Apr 2005 10:37:16 -0400 (EDT)
From: Dean Anderson <dean@av8.com>
To: "Hannigan, Martin" <hannigan@verisign.com>
Cc: nanog@merit.edu
In-Reply-To: <A206819EF47CBE4F84B5CB4A303CEB7A520FC6@dul1wnexmb01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog@merit.edu


On Tue, 12 Apr 2005, Hannigan, Martin wrote:

> There's been a rumor on the street that an unnamed large router vendor
> is releasing something around this today as well:
> 
> http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en

Is this something new to do with source-quench, or is it the ages-old
source-quench attack?



From: Dean Anderson <dean@av8.com>
To: Rudi Starcevic <tech@wildcash.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Essential ICMP

No, that would be wildly wrong.

Necessary messages: (never block)
        3 Destination Unreachable 
                (block code 4 and break PATH MTU)
                (other codes are "Nice")

Good Messages: (never harmful)
        11 Time to live Exceeded

Nice messages: (sometimes harmful)
        4 Source Quench  
        8/0 Echo Request/Reply
        12 Parameter Problem
        13/14 Timestamp Request/Reply
        15/16 Information Request/Reply


Dangerous (ought to be blocked, unless you know you need it; 
                in that case tightly restricted)
        5 Redirect


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   
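
The classification in the message above, applied to raw IPv4 packets, as an added example that is not part of the original post. The function names, the `unlisted` label for types the list does not mention, and the sample packets are this example's own assumptions.

```python
import struct

# Categories from the message above; types it does not list fall into UNLISTED,
# which is this example's own label (an assumption, not part of the list).
NECESSARY, GOOD, NICE, DANGEROUS, UNLISTED = (
    "necessary", "good", "nice", "dangerous", "unlisted")
GOOD_TYPES = {11}                                # Time to Live Exceeded
NICE_TYPES = {0, 4, 8, 12, 13, 14, 15, 16}       # quench, echo, param, timestamp, info
DANGEROUS_TYPES = {5}                            # Redirect

def classify(icmp_type: int, code: int) -> str:
    if icmp_type == 3:
        # Code 4 (fragmentation needed) carries Path MTU discovery;
        # the list rates the other Destination Unreachable codes "Nice".
        return NECESSARY if code == 4 else NICE
    if icmp_type in GOOD_TYPES:
        return GOOD
    if icmp_type in NICE_TYPES:
        return NICE
    if icmp_type in DANGEROUS_TYPES:
        return DANGEROUS
    return UNLISTED

def icmp_fields(packet: bytes):
    """Return (type, code) of a raw IPv4 packet, or None if it is not ICMP
    or the ICMP header cannot be read (truncated, non-first fragment)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # header length includes IP options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset != 0 or len(packet) < ihl + 8:
        return None
    return packet[ihl], packet[ihl + 1]

def classify_packet(packet: bytes):
    fields = icmp_fields(packet)
    return None if fields is None else classify(*fields)

def build_sample(icmp_type: int, code: int, options: bytes = b"") -> bytes:
    """Constructed test packet: minimal IPv4 header (checksums left zero) plus ICMP header."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 8, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + options + struct.pack("!BBHI", icmp_type, code, 0, 0)

if __name__ == "__main__":
    for t, c in [(3, 4), (3, 1), (11, 0), (8, 0), (5, 1), (17, 0)]:
        print(t, c, classify_packet(build_sample(t, c)))
```

Reading the ICMP type at the offset given by the IP header length, rather than at a fixed byte 20, keeps the verdict correct for packets that carry IP options.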



