[Freeswitch-users] ICMP... and MTU

Tristan Mahé t.mahe at b-and-c.net
Wed Feb 19 00:04:15 MSK 2014


Hey Brian,

Here in france, it is a common topic for ADSL links, not so much for
SDSL ( only ATM impacted, EFM is fine ) and not at all on Optical Fiber.
Now that we are our own ISP and don't sell ADSL, everything's fine :)
There are no distinction on residential/commercial offers for that subject.

The popular belief that 'badguycantpingmeimsafe' is still very strong (
though who would seriously loose time scanning a range with ICMP when
tcp/udp does it well, and that after scanning with ICMP, you would
anyway engage a port/app scan ? ).

Each time I have to explain customers whom I don't manage the firewall
why it is not good ( we have a perfect example with an administration's
website, which needs MTU 1460 max, so that's quite easy to demo to the
customer: you can upload, you can't ). We even distribute a "Best
practice" manual for our customers which cover this.


Le 18/02/2014 21:25, Brian West a écrit :
> I want to open a discussion on this topic, I’m sure many of you fine freeswitchers have encountered the pain of exceeding the MTU and things not handling it properly.  I’ve also see this mindset that blocking all ICMP will somehow make your network more secure, In doing this you’re actually breaking PMTU and the internet in general.  So check your firewalls, if you’re blocking repent now and fix it… Input and discussions would be welcome on this topic.
> 	
> I think this issue is more of an issue facing residential installs vs commercial installs… What have you seen?
> 
> 
> --
> Brian West
> brian at freeswitch.org
> FreeSWITCH Solutions, LLC
> PO BOX 2531
> Brookfield, WI 53008-2531
> Twitter: @FreeSWITCH , @briankwest
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
> 
> T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
> iNUM: +883 5100 1420 9001
> ISN: 410*543
> Skype:briankwest
> PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140218/3d4dc981/attachment.bin 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list