Firewall Wizards mailing list archives
RE: ICMP destination unreachable messages
From: "Max Enders" <Max.Enders () watchguard com>
Date: Wed, 16 Apr 2003 15:16:26 -0700
Steven,

They're simply replayed so they have not been modified in any way.

Regards,
Max

-----Original Message-----
From: Steven M. Bellovin [mailto:smb () research att com]
Sent: Wednesday, April 16, 2003 2:15 PM
To: Max Enders
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] ICMP destination unreachable messages

In message <c643615a7427fb3b0dfc9eef1ff89c5f3e9c52d1 () watchguard com>, "Max Enders" writes:
> Hello,
>
> I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.

How duplicate are they? Remember that you have to let in the "fragmentation needed" messages, or you'll end up with black holes.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
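An added example, not from the thread or from any firewall product: a sketch that combines the two options raised in the question (IP ID inspection and rate limiting) with the constraint from the reply that "fragmentation needed" messages must get through. The class name, window and limit values are assumptions, and it assumes a sender uses a fresh IP ID for each distinct message.

```python
import hashlib
import socket
import struct
from collections import deque

FRAG_NEEDED = 4  # type 3 code 4: required for path MTU discovery


class UnreachableFilter:
    """Hypothetical filter: replay check on (source, IP ID, ICMP bytes) plus a rate limit."""

    def __init__(self, window=30.0, max_per_window=5):
        self.window = window
        self.max_per_window = max_per_window
        self.seen = {}  # replay key -> time last seen
        self.rate = {}  # source address -> deque of accept times

    def check(self, pkt: bytes, now: float) -> str:
        if len(pkt) < 20:
            return "accept"  # too short to parse; left to other rules
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 8 or pkt[9] != 1 or pkt[ihl] != 3:
            return "accept"  # not an ICMP destination unreachable
        src, code = pkt[12:16], pkt[ihl + 1]
        ip_id = struct.unpack("!H", pkt[4:6])[0]
        # Forget replay keys older than the window so the table stays bounded.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        key = (src, ip_id, hashlib.sha256(pkt[ihl:]).digest())
        replayed = key in self.seen
        self.seen[key] = now
        if replayed:
            return "drop-replay"  # unmodified copy: same IP ID, same ICMP bytes
        if code == FRAG_NEEDED:
            return "accept"  # never rate-limit these, or PMTUD black-holes
        recent = self.rate.setdefault(src, deque())
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_per_window:
            return "drop-rate"
        recent.append(now)
        return "accept"


def build_unreachable(src: str, ip_id: int, code: int) -> bytes:
    """Constructed sample packet: IPv4 header + ICMP type 3 quoting a dummy header."""
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + b"\x45" + b"\x00" * 27
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ip_id, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
    return ip + icmp
```

A byte-for-byte replay is caught by the first check regardless of code, while distinct "fragmentation needed" messages skip only the rate limit.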
Current thread:
- ICMP destination unreachable messages Max Enders (Apr 15)
- Re: ICMP destination unreachable messages Steven M. Bellovin (Apr 16)
- Re: ICMP destination unreachable messages Chunduru Rama Krishna Prasad (Apr 17)
- <Possible follow-ups>
- RE: ICMP destination unreachable messages Max Enders (Apr 16)