[Freeswitch-users] ICMP... and MTU
clan at wheel.dk
Wed Feb 19 19:39:43 MSK 2014
On Wed, 19 Feb 2014, Claus Andersen wrote:
> On Wed, 19 Feb 2014, Cesar Bermudez wrote:
>> Sorry to ask, but ..
> There are no stupid questions - only stupid answers.
...and the pain of reading you own answer...
I forgot to add the actual advice. If you would like to avoid breaking as
much as possible but block the obvious dangerous stuff then you should
block for ICMP redirect (type 5). That can be used for re-routing and
should then actively be avoided.
The rest is fairly benign. Personally I rarely block for ICMP echo. Ping
is a very nice diagnostic tool. Some will argue that it can be used to
find a attack vector (that is: confirm something is there). But mostly you
are actively provding services from your host so that vector is easily
found anyway. But as long as you understand the implications it is OK to
block (or not).
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users