On Thu, 11 Dec 2003 [EMAIL PROTECTED] wrote:

> 1) Disable all ICMP, so the ICMP Frag Needed packets don't make it back, thus
> hosing the connection entirely (send too large packet, frag needed, ICMP
> dropped, timeout, retransmit, lather, rinse, repeat).
>
> 2) Number their point-to-points out of RFC1918 space, so the ICMP Frag Needed
> gets swallowed by some border router that's doing reasonable ingress/egress
> filtering.

Well, actually, as far as I have seen, the bad thing when PMTUD doesn't work is often your server farm load sharer that won't forward the ICMP message to the appropriate server in the farm. So a lot of the technology used out there doesn't even by design take ICMP NEED TO FRAG-messages into account when they do things. It's not just clueless admins, it's clueless designers of equipment.

--
Mikael Abrahamsson    email: [EMAIL PROTECTED]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
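
Added example, not part of the original message and not any vendor's code: a sketch of what a load sharer has to do for PMTUD to survive, namely read the original datagram embedded in an ICMP type 3 code 4 (Fragmentation Needed) message and map it to the backend that owns the flow. The flow-table layout, function names and addresses are assumptions made for illustration.

```python
import socket
import struct

# Constructed flow table: (client_ip, client_port, vip, vip_port) -> backend.
FLOWS = {("198.51.100.7", 40000, "192.0.2.10", 80): "10.0.0.12"}

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, flow_key) for ICMP type 3 code 4, else None.

    The ICMP checksum is not verified here; a real device should do so.
    """
    if len(icmp) < 8 + 20 + 8:          # ICMP hdr + min IP hdr + 8 bytes of L4
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = icmp[8:]                    # datagram the server originally sent
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 6:
        return None                     # only IPv4/TCP handled in this sketch
    src = socket.inet_ntoa(inner[12:16])    # VIP (server side)
    dst = socket.inet_ntoa(inner[16:20])    # client
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return mtu, (dst, dport, src, sport)

def route_icmp(icmp: bytes, flows: dict):
    """Return (backend, mtu) the ICMP error must be delivered to, or None."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return None
    mtu, key = parsed
    backend = flows.get(key)
    return (backend, mtu) if backend else None

def build_sample() -> bytes:
    """Constructed Frag Needed message: VIP:80 -> client:40000, MTU 1400."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                           socket.inet_aton("192.0.2.10"),
                           socket.inet_aton("198.51.100.7"))
    inner_tcp = struct.pack("!HHI", 80, 40000, 1)
    return struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + inner_ip + inner_tcp

if __name__ == "__main__":
    print(route_icmp(build_sample(), FLOWS))
```

A device that hashes only on the outer ICMP header's addresses sees the intermediate router as the source and has no flow to match, which is the failure described above.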
