Iljitsch van Beijnum <iljitsch@muada.com> writes:
Now Microsoft is also the company that built the OS that could be crashed by a maliciously crafted fragmented IP packet, so maybe there's something to this security policy. (One hopes that this bug and others like it are now fixed.)
Although the fact that Microsoft block all icmp makes me wonder which unfixed icmp-related security holes they know about... I am not saying that there are any such holes in current Windows versions, but I will certainly not use a Windows server in an environment where I could receive icmp after learning that Microsoft themselves don't trust Windows' icmp handling. After all, Microsoft must have a reason to block all icmp. Or?
However, in that case the only workable course of action would be TO DISABLE PATH MTU DISCOVERY!
You can't have your cake and eat it too.
But maybe the death of icmp is worth some sort of ceremony? Cake or not.

Bjørn