Firewall Wizards mailing list archives

Re: blocking icmp type 3

From: Gé Weijers <ge () cobalt com>
Date: Mon, 28 Aug 2000 12:17:49 -0700

On Fri, Aug 25, 2000 at 07:42:10AM +0200, Jan Stifter wrote:

i allowed only incoming and outgoing icmp type 3 code 4
(fragmentation-needed), due to a paper describing the importance of
this type of icmp-message (www.worldgate.com/~marcs/mtu/)


I would definitely allow all type 3 messages, the advice about not
needing ICMP at all is wrong, as you found out. ICMP type 3 packets
don't elicit a response from your internal hosts, so they're useless
for probing.

Gé

-- 
--
Gé Weijers                      Voice: (614)326 4600
Cobalt Networks, Inc.             FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

blocking icmp type 3 Jan Stifter (Aug 25)
- Re: blocking icmp type 3 Kimmo Suominen (Aug 26)
- Re: blocking icmp type 3 Alexander Schreiber (Aug 26)
- Re: blocking icmp type 3 Patrick Darden (Aug 26)
- RE: blocking icmp type 3 Ofir Arkin (Aug 26)
- Re: blocking icmp type 3 Gé Weijers (Aug 28)