29 Sep
2008
29 Sep
'08
10:44 a.m.
On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
They apparently block ICMP as current best practice seems to require.
Ahem. Who said "block ICMP' is BCP? Yes, there's some ICMP things that you probably *should* block if they're to/from untrusted sources, but in particular, host/net unreachable ICMP shouldn't be blocked, and the next site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate them with a clue-by-four regarding what they're doing to PMTUD.