nanog mailing list archives
Re: [NANOG] Limiting ICMP
From: Sean Donelan <sean () donelan com>
Date: Fri, 23 May 2008 19:23:57 -0400 (EDT)
On Wed, 21 May 2008, John Kristoff wrote:
> In the environments where I've done this, my experience was that it was an acceptable practice at the time and in a couple cases it did help the net upstream when something went wrong (e.g. this did stop some real DoS traffic for me more than once). I made use of protocol counters or some monitoring tools to ensure they were not unnecessarily dropping valid packets. Your mileage may vary of course, as it apparently does?
Welcome to the wonderful world of deciding on "defaults." Unfortunately, the people most likely to be negatively affected by defaults are also people least likely to know the consequences of those defaults.
Is it better to set defaults conservatively and allow people who want more to expand them? Or better to set defaults liberally and allow people who want less to reduce them?