Firewall Wizards mailing list archives
Re: how to block ICMP tunneling? Deja vu?
From: "Don Kendrick" <don () netspys com>
Date: Wed, 21 Jul 1999 17:49:01 -0400
Didn't we just have this discussion last year :) I've been blocking unreachables, ttl-exceeded and echo-reply inbound at the border router and blocking everything else from passing thru the firewall for many years . All is allowed out from the external side of the house only...path MTU has never caused any problems that I'm aware of in our net. Aren't other routers between my net and the "rest of the world" responding to path MTU? Wouldn't it only be a factor if my path was smaller then any other between point A and B? btw...some one else suggested that it mattered if you have a token based network inside...I've got that as well. Don
If you do, you break Path MTU, which can disrupt communications to many sites.
Current thread:
- Re: how to block ICMP tunneling? Deja vu? Don Kendrick (Jul 21)