Firewall Wizards mailing list archives

Re: A fun smackdown...


From: Don Kendrick <don () hawaiidon com>
Date: Sun, 22 May 2005 13:07:02 -0400

It seems every couple years (now almost 7 years) we have a debate about PMTU. Here we all are in 1998...follow the thread from this post:

http://seclists.org/lists/firewall-wizards/1998/Jun/0021.html

BTW, I stopped ICMP at the border back then and I still stop it today.

Don

On May 21, 2005, at 3:59 PM, Marcus J. Ranum wrote:

Steven M. Bellovin wrote:
Path MTU was standardized in RFC 1191, from November 1990. Virtually no
one had firewalls back then. It didn't "ignore existing
implementations of security systems" because there were almost none.

I stand corrected on the history of PMTUD.

There weren't a lot of people screening ICMP at that point, either, though
I believe most routers had the capability to do so.

It stands to reason, then, that PMTUD should be fixed, rather than
expecting everyone to drop their drawers and grip their ankles for a
good ICMP'ing.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
