ONJava.com -- The Independent Source for Enterprise Java
Article:   Top Ten Tips to Make Attackers’ Lives Hell
Subject:   3. Filter Outbound ICMP Type 3 Messages
Date:   2004-04-19 10:03:36
From:   dave bruce
Don't do this. This is terrible advice. Denying all ICMP type 3 messages will result in you breaking path MTU discovery.


You must be more selective in your filtering than this. ICMP type 3 code 4 must be allowed to pass!


See the many references available on pMTUd and the fun that happens when you block all ICMP type 3 messages.


*sigh*
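
The selective filter the comment asks for, sketched as an added example that is not part of the original comment or the article: drop outbound ICMP type 3 except code 4 (fragmentation needed, DF set), which carries the next-hop MTU that path MTU discovery depends on. The function names, the pass-through of other ICMP types, and the sample messages are assumptions made for the illustration.

```python
import struct

DEST_UNREACH = 3   # ICMP type 3
FRAG_NEEDED = 4    # code 4: fragmentation needed and DF set (RFC 1191)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message (sample data for this example)."""
    body = rest + payload
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def verdict(msg: bytes) -> str:
    """Outbound decision for one ICMP message under the selective policy."""
    if len(msg) < 8 or checksum(msg) != 0:
        return "DROP"                      # truncated or corrupted message
    icmp_type, code = msg[0], msg[1]
    if icmp_type != DEST_UNREACH:
        return "ACCEPT"                    # assumption: other types are left to other rules
    return "ACCEPT" if code == FRAG_NEEDED else "DROP"

def next_hop_mtu(msg: bytes):
    """MTU advertised in a type 3 code 4 message (header bytes 6-7), else None."""
    if len(msg) >= 8 and msg[0] == DEST_UNREACH and msg[1] == FRAG_NEEDED:
        return struct.unpack("!H", msg[6:8])[0]
    return None

# Constructed samples; the 28 zero bytes stand in for the quoted IP header + 8 bytes.
QUOTED = bytes(28)
SAMPLES = {
    "port unreachable (3/3)": build(3, 3, bytes(4), QUOTED),
    "frag needed (3/4), MTU 1400": build(3, 4, struct.pack("!HH", 0, 1400), QUOTED),
    "host unreachable (3/1)": build(3, 1, bytes(4), QUOTED),
    "echo reply (0/0)": build(0, 0, struct.pack("!HH", 1, 1), b"ping"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:30} {verdict(msg):6} mtu={next_hop_mtu(msg)}")
```

On a real firewall the same policy is two ordered rules: accept type 3 code 4 first, then drop the rest of type 3.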