Tomas L. Byrnes wrote:
I'm not sure what the issue is here.
Just about every modern firewall I've used has an option to enable PMTU on interfaces, while blocking all other ICMP.
Is MS not running something manufactured in the last 10 years at their perimeter?
Not sure, but you actually entered in here to a subthread of the original conversation, this one about other possible ways of dealing with black hole "ICMP-munchers" in a pre-emptive fashion. I had a brainstorm that I thought would be workable, which is what we were discussing here. Apparently, it turns out my idea was no good. ;-) The original discussion about MS blocking ICMP to their own servers, which is the discussion it sounds like you are looking for, is over that-a-way... *points* -- Nathan Anderson First Step Internet, LLC nathana@fsr.com