On Thu, Jan 28, 2010 at 2:25 AM, Tony Li <tony...@tony.li> wrote: > Robin Whittle wrote: > >> I argue against Fred Templin's position that >> ordinary RFC1191 DF=1 Path MTU Discovery (and >> therefore its RFC1981 IPv6 equivalent) is "busted". >> >> Where is the evidence that networks filtering out >> PTB (Packet Too Big) messages is a significant >> problem? > > > This happens. Consult some operator folks, privately and quietly. Many > enterprises blocked all inbound ICMP when DDoS attacks started happening.
yes, not just for 'dos attack' problems but because often people don't understand what ICMP is there for :( the dreaded 'people can ping you!!' apparently == 'deny icmp any any' PMTUD is horrendously supported :( -chris (operatorish guy) _______________________________________________ rrg mailing list rrg@irtf.org http://www.irtf.org/mailman/listinfo/rrg
