RE: Problem of blocking ICMP packets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> But in between the network, some routers have some firewall 
> configuration so that they will simply drop any incomming ICMP 
> packet without sending any response to the sender. 

Not just routers. Many "host firewalls" will by default drop all
unsolicited ICMP packets. The rational is a variant of security by
obscurity: a host is more secure if its presence cannot be trivially
detected.

The old assumption used to be that if a host has an IP address, it can
receive pretty much any packet sent to that address. The practical
situation we have today is that if two hosts communicate over a given
protocol and port, they can receive packets from the same "five tuple"
but are not guaranteed to receive other packets. This has an important
consequence for many IETF designed protocols, including indeed path MTU
discovery.

-- Christian Huitema

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]