nanog mailing list archives
Re: ICMP Redirect on Resolvers
From: Valdis.Kletnieks () vt edu
Date: Sat, 06 Apr 2013 19:03:23 -0400
On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said:
What would break if u dropped all ICMP packets with redirects on public facing boxes?
Presumably nothing, as long as you guaranteed that your IP address, netmask, and routes actually match the reality of your network configuration. In that case, you shouldn't see any valid ICMP redirects. They're there mostly so things kind-of-sort-of work even if you botch it (so for instance, even if you whiff your default route accidentally, you can still ssh in from Tokyo and fix it).
Attachment:
_bin
Description:
Current thread:
- ICMP Redirect on Resolvers Shahab Vahabzadeh (Apr 05)
- Re: ICMP Redirect on Resolvers Tony Finch (Apr 05)
- RE: ICMP Redirect on Resolvers Keith Medcalf (Apr 05)
- Re: ICMP Redirect on Resolvers Jimmy Hess (Apr 06)
- Re: ICMP Redirect on Resolvers shawn wilson (Apr 06)
- Re: ICMP Redirect on Resolvers Valdis . Kletnieks (Apr 06)
- Re: ICMP Redirect on Resolvers Jimmy Hess (Apr 06)
- Re: ICMP Redirect on Resolvers Owen DeLong (Apr 07)
- Re: ICMP Redirect on Resolvers Valdis . Kletnieks (Apr 07)
- Re: ICMP Redirect on Resolvers Owen DeLong (Apr 07)
- Re: ICMP Redirect on Resolvers Jimmy Hess (Apr 06)