On 3/3/19 20:16, Mark Andrews wrote: > > >> On 4 Mar 2019, at 9:33 am, Stephen Satchell <[email protected]> wrote: >> >> On 3/3/19 1:04 PM, Mark Andrews wrote: >>> There are lots of IDIOTS out there that BLOCK ALL ICMP. That blocks PTB >>> getting >>> back to the TCP servers. >> >> For those of us who are in the dark, "PTB" appears to refer to "Packet >> Too Big" responses in ICMPv6. >> >> Yes, some admins don't have fine-enough grain tools to block or throttle >> specific types of ICMP, but that's the fault of the vendors, not the admins. > > No, it is the fault of the admins. They should be making it part of the > purchasing > decision if they want to filter ICMP. It’s not like selective filtering is a > new idea. > It is well over 20 years old at this stage. The amount of +20 year old > equipment on the > net is minimal. > > That said modern OS’s don’t need other equipment to “protect" them from ICMP > of any form. >
These news don't help in that direction: https://www.theregister.co.uk/2016/06/02/cisco_warns_of_ipv6_dos_vulnerability/ (I'm not complaining about the news, but about the bugs, if you wish) -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

