Re: ICMP filtering?

[ccdes () ccdes princeton nj us (Carl Corey)]

> In a previous message ccdes () ccdes princeton nj us wrote
> > I know we are getting a cisco router, and I have a question for anyone -
> > what is the latest version of the router software I need to run to keep
> > fake ICMP packets from reaching my hosts?  I believe that this was a
> > somewhat recent upgrade by cisco, thus the presence of nuke.c or whatever
> > being used to annoy people.  
>
> Is this true?  If so, I'd be interested to know how this is implemented
> and also what software revision is required.  We use quite a few routers
> here, some Cisco, some not.  I don't see how one could filter 'fake'
> icmp destination unreachable messages without actually filtering all
> real ones as well.

I believe that a majority of the packets "nuking" connections out there are
not perfect fakes; they are distinguishable from the real thing.