Subject: Re: [44net] ICMP: A small request
From: "Marc, LX1DUC" <lx1duc(a)laru.lu>
Date: 02/19/2016 06:37 PM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>

Especially as we are all running tunnels, you (well your systems) really want to receive
ICMP 3:4 (Fragmentation required, and DF flag set) messages.
The "Ping of death" is not an issue anymore, and ICMP Flooding isn't really
frequent anymore either. Nowadays neither of them requires rejecting all kinds of ICMP
messages. Usually a fair rate limiting in the INPUT chain does the trick.
73 de Marc, LX1UDC
Unfortunately people like Steve Gibson have done a lot of damage by misinformation -
likely more than the damage ever caused by replying to a PING.
It is still hard to convince some people they should not block all ICMP. At work I am
currently trying to solve a problem caused by dropping the above ICMP packet
combined with the "blackhole detect" misfeature that means the connection is not
just completely breaking down (and the bad firewall operator noticing
his mistake), but becoming much slower. As bad as a site that has IPv6 in DNS but not
actually working...
Rob