North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [nsp] known networks for broadcast ping attacks
>Well, I've been filtering ICMP for quite a while at my border routers, >and other than the occasional braindead sendmail configuration, and >the fact that Solaris ping can't handle the "Administratively prohibited" >return from the IOS filter rule, I've yet to see a major downside. Under certain conditions filtering all ICMP messages will break Path MTU discovery. Check your router vendor's documentation for information about filtering types of ICMP messages. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation |