Hi All,
We have a Firebox II
setup stopping most of what we don't want. Everything has been running nicely,
then our city run ISP installed a new mail server. We found that mail from its
domain was being slowed down or blocked. On inspection to turns out that our
firewall was being hit constantly my there mail server destined for our mail
server. Seems they are sending ICMP packets for PMTU discovery, so the Firebox
sees these ICMP packets as a possible DoS attack and locks out the
domain.Seems the frequency has increased to several packets per second at worst.
The ISP says they
are just following standard RFC1191 protocols, but something has to have changed
as we haven't had this problem before.
If we let these
through to our mail server are we opening ourselves up to attack? Sorry I don't
directly configure the Firebox myself so I'm not sure what config. capabilities
it has. I'd appreciate any discussion on this.
Barry
