nanog mailing list archives
Re: Firewall stateful handling of ICMP packets
From: Adi Linden <adil () adis on ca>
Date: Wed, 3 Dec 2003 21:53:59 -0600 (Central Standard Time)
The problem with ICMP is that it is ICMP today. What will it be tomorrow? It'll always be putting out fires, controlling packet floods matching whatever signature. One solution is to get away from unlimited bandwidth. Once there is a cost associated with having a PC source Nachi or Welchia traffic, customers will learn to be more concerned and educate themselves. The cost doesn't have to be monetary. Progressive rate limiting could be used, where traffic gets pinched as the allowed traffic per time slot is consumed.

Adi
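A sketch of the progressive rate limiting described in the message above, as an added example that is not part of the original post. The tier thresholds, the floor share, and the names `ProgressiveLimiter` and `simulate` are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy: (percent of slot allowance consumed, percent of full rate still permitted)
TIERS = [(50, 100), (75, 50), (100, 25)]
FLOOR_PCT = 5  # once the allowance is spent, traffic is pinched hard but not cut off


@dataclass
class ProgressiveLimiter:
    slot_seconds: int   # length of one accounting time slot
    allowance: int      # bytes a source may send per slot before hitting the floor
    full_rate: int      # bytes/second permitted while consumption is low
    usage: dict = field(default_factory=dict)  # source -> (slot index, bytes consumed)

    def permitted_rate(self, consumed: int) -> int:
        """Rate ceiling shrinks stepwise as the slot allowance is used up."""
        for limit_pct, rate_pct in TIERS:
            if consumed * 100 < limit_pct * self.allowance:
                return self.full_rate * rate_pct // 100
        return self.full_rate * FLOOR_PCT // 100

    def admit(self, source: str, now: int, offered: int) -> int:
        """Return how many of `offered` bytes pass during the one-second tick `now`."""
        slot = now // self.slot_seconds
        seen_slot, consumed = self.usage.get(source, (slot, 0))
        if seen_slot != slot:  # a new time slot restores the full allowance
            consumed = 0
        passed = min(offered, self.permitted_rate(consumed))
        self.usage[source] = (slot, consumed + passed)
        return passed


def simulate(limiter, source, offered_per_second, seconds):
    """Constructed traffic: one source offering a constant load, one tick per second."""
    return [limiter.admit(source, t, offered_per_second) for t in range(seconds)]


if __name__ == "__main__":
    lim = ProgressiveLimiter(slot_seconds=10, allowance=4000, full_rate=1000)
    # Constructed hosts: one flooding at the full rate, one sending light traffic.
    print("flooding host:", simulate(lim, "10.0.0.5", 1000, 12))
    print("light host:   ", simulate(lim, "10.0.0.9", 100, 12))
```

The flooding source is squeezed in steps within the slot and recovers when the next slot begins, while the light source never leaves the first tier.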