Re: ssh tunneling



* Steve Lamb (grey@dmiyu.org) [030825 14:02]:
> On Mon, 25 Aug 2003 13:51:37 -0500
> "P. Kallakuri" <praveen@unlserve.unl.edu> wrote:
> > I cannot find what process is keeping them. I know that I disabled ICMP 
> > requests on my gateway, 
> 
>     Ungh.  Why?  Why disable ICMP?

Seconded, with a large clue-by-four.

A few select excerpts from RFC 1122 (Oct 1989):

"This RFC is an official specification for the Internet community."

"The Internet layer of host software MUST implement both IP and ICMP."

"Every host MUST implement an ICMP Echo server function that receives
Echo Requests and sends corresponding Echo Replies."

Also, you should read about how filtering ICMP breaks path MTU
discovery.

Simply put, it's a really bad idea.  I also don't understand what people
are trying to gain by removing ICMP, which happens to be one of the
fundamental building blocks of Internet infrastructure.  I guess people
think "icmp == ping" and "no ping == invisible == invincible".  *Shrug*.

If you're worried about some sort of DoS, use some sort of rate-limiting
filter or something.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.digitalconsumer.org/	Protecting fair-use rights in the digital world

Attachment: pgpZGaVI8UU6g.pgp
Description: PGP signature
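
The rate-limiting alternative to dropping ICMP that the message above suggests, as an added example that is not part of the original post: a shell function that prints iptables commands for review. The chain name `ICMP_IN` and the default rate and burst values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables commands that
# rate-limit echo requests instead of dropping ICMP wholesale.
# Assumptions: the chain name ICMP_IN and the default rate/burst values.
# Review the output, then run it as root:  icmp_rules | sh

icmp_rules() {
    rate="${1:-5/second}"   # sustained echo-request rate (assumed default)
    burst="${2:-10}"        # packets allowed before the limit applies (assumed)

    # Refuse values that are obviously not what the limit match expects.
    case "$rate" in
        [0-9]*/second|[0-9]*/minute|[0-9]*/hour|[0-9]*/day) ;;
        *) echo "icmp_rules: bad rate '$rate'" >&2; return 1 ;;
    esac
    case "$burst" in
        *[!0-9]*) echo "icmp_rules: bad burst '$burst'" >&2; return 1 ;;
    esac

    cat <<EOF
iptables -N ICMP_IN
# Error messages stay open. "Fragmentation needed" is a destination-unreachable
# code, so path MTU discovery keeps working.
iptables -A ICMP_IN -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A ICMP_IN -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A ICMP_IN -p icmp --icmp-type parameter-problem -j ACCEPT
# Replies to pings sent from this host.
iptables -A ICMP_IN -p icmp --icmp-type echo-reply -j ACCEPT
# Echo is still answered (RFC 1122), but only up to the configured rate.
iptables -A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit $rate --limit-burst $burst -j ACCEPT
iptables -A ICMP_IN -p icmp --icmp-type echo-request -j DROP
# Other ICMP types fall off the end of the chain and meet the existing policy.
iptables -A INPUT -p icmp -j ICMP_IN
iptables -A FORWARD -p icmp -j ICMP_IN
EOF
}
```

`iptables -N` fails if the chain already exists, so flush and delete an earlier `ICMP_IN` before applying the output a second time.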