[outages] www.house.gov not reachable.
Laurence F. Sheldon, Jr.
LarrySheldon at cox.net
Mon Sep 29 14:08:46 EDT 2008
Valdis.Kletnieks at vt.edu wrote:
> On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
>
>> They apparently block ICMP as current best practice seems to require.
>
> Ahem. Who said "block ICMP" is BCP? Yes, there's some ICMP things that
> you probably *should* block if they're to/from untrusted sources, but in
> particular, host/net unreachable ICMP shouldn't be blocked, and the next
> site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate
> them with a clue-by-four regarding what they're doing to PMTUD.
I've been inactive in the racket for a while but personally think
blocking any ICMP from or to people you want to talk to is a mistake,
but last I heard just about everybody was telling me to block _some_
ICMP or other for some mythical reason or other.
And the more expensive consultants (considering TCO) and most of the
"firewall" experts were telling me to block them all.
--
Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

Two identifying characteristics of System Administrators:
Infallibility, and the ability to learn from their mistakes.

ICBM Targeting Information: http://tinyurl.com/4sqczs
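
An added illustration, not part of the original message, of the PMTUD point raised in the quoted reply: a sender using classic path MTU discovery stalls when a firewall drops ICMP "Frag Needed" (type 3, code 4). The hop MTUs, packet size and function names are constructed for the example, and the sender is assumed to rely only on ICMP feedback, with no other probing.

```python
# Added illustration: path MTU discovery with and without ICMP "Frag Needed".
# The hop MTUs and packet sizes are constructed values, not from the thread.

ICMP_DEST_UNREACH = 3      # ICMP type 3: destination unreachable
CODE_FRAG_NEEDED = 4       # code 4: fragmentation needed and DF set


def forward(size, hop_mtus):
    """Send one DF-flagged packet along the path.

    Returns None if it reaches the destination, otherwise the ICMP error
    (type, code, next_hop_mtu) from the router that had to drop it.
    """
    for mtu in hop_mtus:
        if size > mtu:
            return (ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, mtu)
    return None


def pmtud(hop_mtus, first_size, firewall_drops_icmp, max_tries=8):
    """Sender-side PMTUD loop. Returns (delivered, final_size, attempts)."""
    size = first_size
    for attempt in range(1, max_tries + 1):
        error = forward(size, hop_mtus)
        if error is None:
            return True, size, attempt
        if firewall_drops_icmp:
            # The error never reaches the sender; it sees only a timeout
            # and retransmits at the same size (a PMTUD black hole).
            continue
        _type, _code, next_hop_mtu = error
        size = next_hop_mtu          # shrink to the MTU the router reported
    return False, size, max_tries


if __name__ == "__main__":
    path = [1500, 1492, 1400, 1500]   # constructed hop MTUs
    for blocked in (False, True):
        ok, size, tries = pmtud(path, 1500, firewall_drops_icmp=blocked)
        print(f"ICMP blocked={blocked}: delivered={ok} size={size} tries={tries}")
```

Small packets still get through in the blocked case, which is why the failure shows up as connections that open and then hang on the first full-size segment.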