[nsp] Filter based forwarding
jlewis at lewis.org
Thu Nov 6 16:39:00 EST 2003
On Thu, 6 Nov 2003, Gert Doering wrote:
> PS: read the RFC, it's worth it. But of course it's an April Fool's
> joke. There is nothing special about Nachi ICMPs, except that they are
> always 92 bytes in size - and it's perfectly legal for an ICMP ping to be
> 92 bytes in size, which makes it very hard to do Nachi filtering without
> hurting legitimate use.
Not only is it legal, but it's the size ICMP packet versions of Windows
I've seen use when doing traceroutes... so Nachi filters will break/block
Windows traceroute. Unix (UDP) traceroute is unaffected. We're still
doing the Nachi filters on all of our AS5x00's. I've been afraid to turn
it off and see how quickly the boxes break.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
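
Added example, not part of the original message or of any router configuration discussed in the thread: a small Python model of a size-based rule (drop ICMP echo requests whose IP total length is 92 bytes) run over constructed packets, showing why it cannot tell a Nachi ping from a Windows traceroute probe. The addresses, ports, payload filler and the function names are assumptions made for the illustration.

```python
import struct

NACHI_FILTER_LEN = 92  # IP total length the thread gives for Nachi pings

def build_ipv4(proto, payload, ttl=64):
    """Minimal IPv4 packet, no options, checksum left at 0 (constructed sample)."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def icmp_echo(data_len):
    """ICMP echo request (type 8, code 0) carrying data_len filler bytes."""
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(data_len)

def udp_probe(data_len, dport=33434):
    """UDP datagram of the kind a Unix traceroute sends (port is an assumption)."""
    return struct.pack("!HHHH", 40000, dport, 8 + data_len, 0) + bytes(data_len)

def size_filter_drops(packet):
    """Model of the size-based rule: drop 92-byte ICMP echo requests."""
    ihl = (packet[0] & 0x0F) * 4                     # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]  # IP total length field
    if packet[9] != 1 or len(packet) <= ihl:         # protocol 1 = ICMP
        return False
    return packet[ihl] == 8 and total_len == NACHI_FILTER_LEN

# Constructed samples: 20 (IP) + 8 (ICMP) + 64 (data) = 92 bytes for the first two.
SAMPLES = {
    "nachi_ping":          build_ipv4(1, icmp_echo(64)),
    "windows_tracert":     build_ipv4(1, icmp_echo(64), ttl=1),
    "unix_udp_traceroute": build_ipv4(17, udp_probe(32), ttl=1),
    "ping_56_data_bytes":  build_ipv4(1, icmp_echo(56)),
}

def verdicts():
    """Return {sample name: True if the size rule would drop it}."""
    return {name: size_filter_drops(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, dropped in verdicts().items():
        print(f"{name:22s} {'DROP' if dropped else 'pass'}")
```

The rule sees only protocol, ICMP type and length, so the worm's ping and the 92-byte ICMP traceroute probe get the same verdict, while the UDP traceroute probe passes untouched.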