Re: ICMP filtering?

Carl Corey (ccdes@ccdes.princeton.nj.us)
Thu, 28 Apr 1994 03:33:58 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bonfield James: "Re: UnixWare"
Previous message: smb@research.att.com: "Re: UnixWare"
Maybe in reply to: MICHAEL R. WIDNER: "ICMP filtering?"
Next in thread: G.J.W. Hagenaars: "Re: ICMP filtering?"

>In a previous message ccdes@ccdes.princeton.nj.us wrote
>> I know we are getting a cisco router, and I have a question for anyone -
>> what is the latest version of the router software I need to run to keep
>> fake ICMP packets from reaching my hosts?  I believe that this was a
>> somewhat recent upgrade by cisco, thus the presence of nuke.c or whatever
>> being used to annoy people.  
>
>Is this true?  If so, I'd be interested to know how this is implemented
>and also what software revision is required.  We use quite a few routers
>here, some Cisco, some not.  I don't see how one could filter 'fake'
>icmp destination unreachable messages without actually filtering all
>real ones as well.

I believe that a majority of the packets "nuking" connections out there are
not perfect fakes; they are distinguishable from the real thing.

Next message: Bonfield James: "Re: UnixWare"
Previous message: smb@research.att.com: "Re: UnixWare"
Maybe in reply to: MICHAEL R. WIDNER: "ICMP filtering?"
Next in thread: G.J.W. Hagenaars: "Re: ICMP filtering?"