1 |
> Probably you think ICMP is dangerous too. There are a lot of brain dead |
2 |
> admins who blocks ICMP packets and they wonder why connections to some |
3 |
> websites are broken or if they administrate the packet filter before a |
4 |
> webserver they wonder why some user grouches they wouldn't get a |
5 |
> connection to the web server. |
6 |
|
7 |
Ever heard of Smurf or Loki? |
8 |
|
9 |
If you allow all ICMP in you are indeed a brain-dead admin, in my opinion. |
10 |
Sure, host unreachable, DF should be allowed in, but why should an |
11 |
external host be able to send timestamp or subnet requests? |
12 |
|
13 |
-- |
14 |
gentoo-security@g.o mailing list |