>In a previous message ccdes@ccdes.princeton.nj.us wrote >> I know we are getting a cisco router, and I have a question for anyone - >> what is the latest version of the router software I need to run to keep >> fake ICMP packets from reaching my hosts? I believe that this was a >> somewhat recent upgrade by cisco, thus the presence of nuke.c or whatever >> being used to annoy people. > >Is this true? If so, I'd be interested to know how this is implemented >and also what software revision is required. We use quite a few routers >here, some Cisco, some not. I don't see how one could filter 'fake' >icmp destination unreachable messages without actually filtering all >real ones as well. I believe that a majority of the packets "nuking" connections out there are not perfect fakes; they are distinguishable from the real thing.