Educause Security Discussion mailing list archives

Re: ICMP blocking

From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 6 Dec 2006 16:35:42 -0600

This becomes even more important in IPv6 networks.  6 depends rather
heavily on ICMP6 features for normal functionality.

Just a heads-up.  At least 6 has a few fewer really inappropriate ICMP
messages than 4 did.

    -jml

jeff-kell () UTC EDU 2006-12-06 15:57 >>>


Blocking icmp outright causes nefarious problems (PMTU in particular).
Permitting icmp outright gives away the farm.  Our answer is somewhere
in the middle.

Jeff

Current thread:

ICMP blocking Gary Dobbins (Dec 06)
- <Possible follow-ups>
- Re: ICMP blocking ken lindahl (Dec 06)
- Re: ICMP blocking Jeff Kell (Dec 06)
- Re: ICMP blocking Constantakos, William (Dec 06)
- Re: ICMP blocking Randy Marchany (Dec 06)
- Re: ICMP blocking David Gillett (Dec 06)
- Re: ICMP blocking John Ladwig (Dec 06)
- Re: ICMP blocking David Lundy (Dec 06)
- Re: ICMP blocking Gary Flynn (Dec 06)
- Re: ICMP blocking Ken Connelly (Dec 06)
- Re: ICMP blocking Russell Fulton (Dec 07)
- Re: ICMP blocking Joe St Sauver (Dec 07)