[OpenAFS] Re: mtu problem

Brandon Allbery ballbery@sinenomine.net
Thu, 7 Feb 2013 18:39:47 +0000


Subset of, yes.  All?  So many sites on the Internet can't be accessed reli=
ably from the many OSes that do PMTUD?  Somehow, I doubt.=0A=
=0A=
--=0A=
brandon s allbery kf8nh                               sine nomine associate=
s=0A=
allbery.b@gmail.com                                  ballbery@sinenomine.ne=
t=0A=
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.ne=
t=0A=
=0A=
________________________________________=0A=
From: Derek Atkins [warlord@MIT.EDU]=0A=
Sent: Thursday, February 07, 2013 13:36=0A=
To: Brandon Allbery=0A=
Cc: Antony Mayi; Andrew Deason; openafs-info@openafs.org=0A=
Subject: Re: [OpenAFS] Re: mtu problem=0A=
=0A=
Brandon Allbery <ballbery@sinenomine.net> writes:=0A=
=0A=
> A host or network which drops all ICMP indiscriminately is=0A=
> fundamentally broken, and I could make an argument for not allowing it=0A=
> to communicate with other networks at all.  If someone is demanding=0A=
> drop-all-ICMP as "security best practice" then you need to find=0A=
> someone who actually understands networks and network security, and=0A=
> possibly challenge your current security advisor(s) for fraud.=0A=
=0A=
Good luck with that.  Many sites on the internet block ICMPs.=0A=
=0A=
-derek=0A=
=0A=
--=0A=
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory=0A=
       Member, MIT Student Information Processing Board  (SIPB)=0A=
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH=0A=
       warlord@MIT.EDU                        PGP key available=0A=