Re: ICMP Blocking Woes

[Crist Clark <crist.clark () globalstar com>]

bdragon () gweep net wrote:
> > AFAIK, it's been that way since Win95.  I recall a certain
> > vendor's dodgy ISDN router * * * on Windows traceroute, but
> > working fine under *ix... for whatever reason, said router didn't
> > like the ICMP traceroute, but returned unreachables in response
> > to UDP when TTL expired.
> >
> >
> > Eddy
>
> Wasn't this based upon the premise that gear should not return ICMP
> errors as a result of ICMP packet input as a precaution against error
> loops? ie said dodgy router did the _right_ thing?

That would be disingenious. RFC1122 clearly lists which ICMP are error
messages,

      3.2.2 Internet Control Message Protocol -- ICMP
         ICMP messages are grouped into two classes.
         *
              ICMP error messages:
               Destination Unreachable   (see Section 3.2.2.1)
               Redirect                  (see Section 3.2.2.2)
               Source Quench             (see Section 3.2.2.3)
               Time Exceeded             (see Section 3.2.2.4)
               Parameter Problem         (see Section 3.2.2.5)
         *
              ICMP query messages:
                Echo                     (see Section 3.2.2.6)
                Information              (see Section 3.2.2.7)
                Timestamp                (see Section 3.2.2.8)
                Address Mask             (see Section 3.2.2.9)

But it would not surprise me one bit if some lazy coder actually didn't
do what you describe just to make the code simpler and try to use that
as a justification.
-- 
Crist J. Clark                               crist.clark () globalstar com
Globalstar Communications                                (408) 933-4387