[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: I can't get .rhosts/.shosts to work with ssh.
Next Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?
-
Search the FAQ Archives
Single Page
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: I can't get .rhosts/.shosts to work with ssh.
Next Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?
Should I block all ICMP at my firewall/router?
No. You need to allow the "can't fragment" message through or you will lose connectivity to some number of sites with wacky packet sizes on their local nets (notably token ring). See http://www.worldgate.com/~marcs/mtu/ Less crucially but still somewhat important, if you block the "destination unreachable" message then you'll get timeouts, after a long wait, in some cases when you could have received immediate "no route to host" messages. But blocking some of the rest might not be a bad idea, especially "redirect".
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: I can't get .rhosts/.shosts to work with ssh.
Next Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update December 02 2008 @ 00:10 AM