NNSquad - Network Neutrality Squad
[ NNSquad ] Re: [IP] Re: a wise word from a long time network person-- Merccurynews report on Stanford hearing
> [ Just to save some time, I'll note here that proponents of RST > manipulation/forging by ISPs routinely argue that (in their > opinions) ICMP is too often blocked to be generally useful in > these situations. > > -- Lauren Weinstein > NNSquad Moderator ] That ISP's choose to block ICMP is not an excuse for not allowing ICMP. Blocking certain types of ICMP may be reasonable, but not unreachables. Especially if you combine it with URPF checks so that someone can't spoof the unreachable to launch a DoS attack. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697
Attachment:
smime.p7s
Description: S/MIME cryptographic signature