by EvanAnderson 251 days ago
Every time I've had to fight with path MTU discovery not working I've cursed the people who block all ICMP, though. If ICMP echo / echo-reply is the problem just block that. At the very least, allow destination unreachable / fragmentation needed thru (type 3, code 4).

I am sure someone will find a way to exfiltrate data using any ICMP type. How good are firewalls at validating the packets are legit?
Most of the people blocking ICMP have no clue that ICMP codes/types even exist.
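
An added illustration, not part of any comment in this thread, of the kind of validation the question above asks about: stateful filters such as Linux conntrack accept an ICMP error only when the IP header and first 8 payload bytes it quotes match a connection they are tracking. The sketch below applies that check to a type 3, code 4 message; the flow table, addresses and function names are constructed for the example.

```python
import socket
import struct

# Constructed flow table: (proto, src, sport, dst, dport) of tracked connections.
FLOWS = {(6, "192.0.2.10", 44321, "198.51.100.7", 443)}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_frag_needed(icmp: bytes, flows=FLOWS):
    """Validate one ICMP message (ICMP header onward). Returns (ok, detail)."""
    if len(icmp) < 8 + 20 + 8:
        return False, "too short"
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (3, 4):
        return False, "not type 3 code 4"
    if inet_checksum(icmp) != 0:
        return False, "bad checksum"
    if mtu < 68:  # policy choice here: below the IPv4 minimum MTU
        return False, "implausible MTU"
    inner = icmp[8:]  # quoted original IP header + first 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return False, "bad embedded header"
    if inner[9] not in (6, 17):  # only TCP/UDP carry ports at this offset
        return False, "unsupported protocol"
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    if (inner[9], src, sport, dst, dport) not in flows:
        return False, "no matching flow"
    return True, mtu

def build_sample(mtu, src, sport, dst, dport):
    """Constructed message: frag-needed quoting a TCP segment from src to dst."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + struct.pack("!HHI", sport, dport, 0)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(check_frag_needed(build_sample(1400, "192.0.2.10", 44321, "198.51.100.7", 443)))
    print(check_frag_needed(build_sample(1400, "192.0.2.10", 5555, "198.51.100.7", 443)))
```

A match shows only that the message quotes a tracked flow; the check says nothing about other ICMP types or about bytes beyond the quoted header.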