Re: [nsp] icmp blocking

From: Gert Doering (gert@greenie.muc.de)
Date: Thu Mar 28 2002 - 12:11:52 EST

Next message: Stephen Sprunk: "Re: Subnet Mask"
Previous message: Shi, Ning: "RE: [nsp] icmp blocking"
In reply to: Shi, Ning: "RE: [nsp] icmp blocking"
Next in thread: Gert Doering: "Re: [nsp] icmp blocking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Hi,

On Thu, Mar 28, 2002 at 12:02:43PM -0500, Shi, Ning wrote:
> I guess this is OK for enterprise network. Any good idea for ISP?

Permit ICMP (with rate-limiting). Really.

It sucks so much if you can't do traceroute/ping to figure out why your
customers can't reach some web server hosted at some other ISP because
they have broken network diagnostics on purpose (read: deny ICMP).

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de

Next message: Stephen Sprunk: "Re: Subnet Mask"
Previous message: Shi, Ning: "RE: [nsp] icmp blocking"
In reply to: Shi, Ning: "RE: [nsp] icmp blocking"
Next in thread: Gert Doering: "Re: [nsp] icmp blocking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT