Blocking icmp router redirection (was: Blocking icmp)
On Sunday, 1.06.2003 at 3:53 CEST +0200, Daniel Pittman wrote:
> On Sat, 31 May 2003, Frank Matthie wrote:
> > block router redirection - If there can only be one router on the other
> > end, block that.
>
> This is the one point at which you are wrong. Many versions of Windows
> would respect the request for router redirection and happily start
> routing to anywhere you asked.
>
> So, blocking that is sane ... not least of which because it's not really
> used. Just blocking the one *legal* source of these messages, though, is
> probably not a good idea.
>
> If you want to allow it at all, allow it only from the legal
> source(s)...
Your point - ok, but my scenario is like this one:
LAN -> Router/Firewall -> ISP connection -> Router ISP
Why should my router "Router/Firewall" accept any router redirection from the
ISP router "Router ISP"? This is the only way to go to the net. If this router
isn't ok, my link is broken.
Frank.
--
Frank Matthieß frankm@lug-owl.de
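
Added example, not part of the original messages: a check of whether a box like the "Router/Firewall" above would act on ICMP redirects at all, assuming it runs Linux. It applies the kernel's documented rule for combining `conf/all` with the per-interface `accept_redirects` and `secure_redirects` settings; the interface names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reports, per interface, whether a Linux
# box would act on ICMP redirects, using the kernel's documented combination:
#   forwarding on  -> accepted only if conf/all AND conf/<if> accept_redirects
#   forwarding off -> accepted if conf/all OR conf/<if> accept_redirects
# secure_redirects (only honour redirects naming a known gateway) is all OR <if>.

rd() { cat "$1" 2>/dev/null || echo 0; }   # read a sysctl file, default 0

# effective_redirects [ROOT]: ROOT defaults to /proc/sys
effective_redirects() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    all_acc=$(rd "$conf/all/accept_redirects")
    all_sec=$(rd "$conf/all/secure_redirects")
    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        acc=$(rd "$dir/accept_redirects")
        sec=$(rd "$dir/secure_redirects")
        fwd=$(rd "$dir/forwarding")
        if [ "$fwd" = 1 ]; then
            eff=$(( all_acc && acc ))
        else
            eff=$(( all_acc || acc ))
        fi
        echo "$ifname forwarding=$fwd accept=$eff secure_only=$(( all_sec || sec ))"
    done
}

# Constructed sample tree modelled on the Router/Firewall box in the thread:
# eth0 = LAN, ppp0 = ISP link (assumed names), forwarding on, conf/all set to 0.
make_sample() {
    t=$(mktemp -d)
    for i in all eth0 ppp0; do
        mkdir -p "$t/net/ipv4/conf/$i"
        echo 1 > "$t/net/ipv4/conf/$i/forwarding"
        echo 1 > "$t/net/ipv4/conf/$i/accept_redirects"
        echo 1 > "$t/net/ipv4/conf/$i/secure_redirects"
    done
    echo 0 > "$t/net/ipv4/conf/all/accept_redirects"
    echo "$t"
}

sample=$(make_sample)
effective_redirects "$sample"
rm -rf "$sample"
```

On a forwarding box, clearing `conf/all/accept_redirects` is enough to ignore redirects on every interface; on a non-forwarding host each interface's own setting must be cleared as well.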