[NTLUG:Discuss] SSH
Eric Schnoebelen
eric at cirr.com
Tue Oct 14 12:04:45 CDT 2003
Chris Cox writes:
- IMHO, disable ICMP ping(echo).
This is a bad answer. Especially if you interpret it as
disabling _all_ ICMP messages.
You want to permit Path MTU discovery, which uses ICMP,
and you want to make sure that ICMP replies (like host/network
unreachable) go back out.
Doing otherwise causes your site to look like a black
hole to the net, and will likely break applications and clients
using your site.
--
Eric Schnoebelen eric at cirr.com http://www.cirr.com
``...if a design for a teleporter ends up creating a miniature black hole
in your machine room, well, hey, sometimes that kind of thing happens
when you're tweaking reality using open source tools.'' -- Benjy Feen
More information about the Discuss
mailing list