On Mon, 20 Dec 2021, Steven Champeon wrote:
on Mon, Dec 20, 2021 at 04:50:00PM -0500, Sean Donelan wrote:
Assuming (not confirmed) mitigating old-style DoS attacks. See "ping of death."
Are there even enough dialup connections and ancient modems left that POD is a thing anyone needs to worry about?
Likely not. But ICMP is spoofable, and anyone operating extremely large attack bounce points should try to mitigate the attack potential. Limiting ICMP responses, DNS answers, reducing SYN retries, gratuitous firewall RSTs, etc., etc. But I'm just guessing why Google does it. I don't know, and unless a Googler is willing to share, we won't ever know. Sometimes I disagree with their reasons, but Google usually has a reason. Oh, and also every network operator should implement source address validation (beating the dead horse, for the NANOG mail topic moderators).