[OpenAFS] Re: mtu problem
Brandon Allbery
ballbery@sinenomine.net
Thu, 7 Feb 2013 18:39:47 +0000
Subset of, yes. All? So many sites on the Internet can't be accessed reli=
ably from the many OSes that do PMTUD? Somehow, I doubt.=0A=
=0A=
--=0A=
brandon s allbery kf8nh sine nomine associate=
s=0A=
allbery.b@gmail.com ballbery@sinenomine.ne=
t=0A=
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.ne=
t=0A=
=0A=
________________________________________=0A=
From: Derek Atkins [warlord@MIT.EDU]=0A=
Sent: Thursday, February 07, 2013 13:36=0A=
To: Brandon Allbery=0A=
Cc: Antony Mayi; Andrew Deason; openafs-info@openafs.org=0A=
Subject: Re: [OpenAFS] Re: mtu problem=0A=
=0A=
Brandon Allbery <ballbery@sinenomine.net> writes:=0A=
=0A=
> A host or network which drops all ICMP indiscriminately is=0A=
> fundamentally broken, and I could make an argument for not allowing it=0A=
> to communicate with other networks at all. If someone is demanding=0A=
> drop-all-ICMP as "security best practice" then you need to find=0A=
> someone who actually understands networks and network security, and=0A=
> possibly challenge your current security advisor(s) for fraud.=0A=
=0A=
Good luck with that. Many sites on the internet block ICMPs.=0A=
=0A=
-derek=0A=
=0A=
--=0A=
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory=0A=
Member, MIT Student Information Processing Board (SIPB)=0A=
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH=0A=
warlord@MIT.EDU PGP key available=0A=