Subset of, yes. All? So many sites on the Internet can't be accessed reliably from the many OSes that do PMTUD? Somehow, I doubt.
-- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net ________________________________________ From: Derek Atkins [[email protected]] Sent: Thursday, February 07, 2013 13:36 To: Brandon Allbery Cc: Antony Mayi; Andrew Deason; [email protected] Subject: Re: [OpenAFS] Re: mtu problem Brandon Allbery <[email protected]> writes: > A host or network which drops all ICMP indiscriminately is > fundamentally broken, and I could make an argument for not allowing it > to communicate with other networks at all. If someone is demanding > drop-all-ICMP as "security best practice" then you need to find > someone who actually understands networks and network security, and > possibly challenge your current security advisor(s) for fraud. Good luck with that. Many sites on the internet block ICMPs. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [email protected] PGP key available _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
