On 3/3/19 20:16, Mark Andrews wrote:
On 4 Mar 2019, at 9:33 am, Stephen Satchell <list@satchell.net> wrote:
On 3/3/19 1:04 PM, Mark Andrews wrote:
There are lots of IDIOTS out there that BLOCK ALL ICMP. That blocks PTB getting back to the TCP servers.
For those of us who are in the dark, "PTB" appears to refer to "Packet Too Big" responses in ICMPv6.
Yes, some admins don't have fine-enough grain tools to block or throttle specific types of ICMP, but that's the fault of the vendors, not the admins.
No, it is the fault of the admins. They should be making it part of the purchasing decision if they want to filter ICMP. It’s not like selective filtering is a new idea. It is well over 20 years old at this stage. The amount of +20 year old equipment on the net is minimal.
That said modern OS’s don’t need other equipment to “protect" them from ICMP of any form.
These news don't help in that direction: https://www.theregister.co.uk/2016/06/02/cisco_warns_of_ipv6_dos_vulnerabili... (I'm not complaining about the news, but about the bugs, if you wish) -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492