[c-nsp] Hiding a Cisco Router from a Traceroute
Kristofer Sigurdsson
kristo at ipf.is
Fri Oct 21 05:30:34 EDT 2005
On Thu, 2005-10-20 at 12:57 -0600, james edwards wrote:
> If you block traceroute you will likely break path MTU discovery. This is a
> bad idea all round.
If you only block ICMP Time to live exceeded, ICMP packets requesting
fragmenting the packets will most likely survive.
However, I completely agree, it's a bad idea, that goes for disabling
traceroute and especially breaking the path MTU discovery mechanism.
Too many intellectually challenged sysadmins block ICMP to/from their
(www) servers, making the use of links with lower MTU than 1500 pretty
near impossible.
--
Kristófer Sigurðsson Tel: +354 414 1600
Netrekstur/Network Operations IP Fjarskipti ehf.
More information about the cisco-nsp
mailing list