Re: Problem of blocking ICMP packets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 16 Jun 2004, Mike S wrote:

> Any router configured to block ICMP packets is, quite simply,
> in violation of RFC792 (STD5), which clearly states "ICMP is actually
> an integral part of IP, and must be implemented by every IP module."
> For a router, "implemented" means forwarded to the destinations next
> hop.
>
> So the fact is, by blocking ICMP, such ISPs have broken IP connectivity,
> and can no longer claim to be providing Internet (IP) service.
      ^^^^^^^^^^^^^^^^^^^

Actually, the fact is that they _can_ and they _do_ claim to provide IP
service even though they _shouldn't_. So we should be searching for ways
to discourage ISPs from blocking ICMP. We could spend energy replacing
each of ICMP's uses (such as PMTU discovery), but that would probably just
split the original problem (ICMP's security vulnerabilities) into smaller
problems and push them into other areas.

~armando

0--                                              --0
| Armando L. Caro Jr.  |  Protocol Engineering Lab |
| www.armandocaro.net  |    University of Delaware |
0--                                              --0

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]