Re: (ASCEND) How to shut off ICMP through a PIPE85

To: geoffrey <monkey@blackhat.net>
Subject: Re: (ASCEND) How to shut off ICMP through a PIPE85
From: Phillip Vandry <vandryp@psi.ca>
Date: Sat, 22 Jan 2000 15:37:37 -0500 (EST)
cc: ascend-users@bungi.com
In-reply-to: Your message of "Sat, 22 Jan 2000 00:38:52 EST." <Pine.LNX.4.21.0001220034470.512-100000@pud.austin.ticom.com>
Sender: owner-ascend-users@max.bungi.com

This is a bad idea. ICMP is an integral part of the IP protocol. It
is absolutely required for things like TCP Path MTU Discovery to work
correctly, and it helps a lot to report useful error messages to
users trying to contact sites that are unreachable instead of just
always 'timeout'.

WARNING: If you prevent ICMP from exiting through your router, you are
disabling some legitimate fraction of the Internet from talking
to you.

You should consider restricting only ping (echo request/echo reply) or
something like that.

That being said, use the following:

Output Filters...Out filter 01...
	Valid=Yes
	Type=IP
	Ip...Forward=No
	Ip...Protocol=1
Output Filters...Out filter 02...
	Valid=Yes
	Type=Generic
	Generic...Forward=Yes

-Phil

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi everyone,
> 	can someone help me shut off ICMP replies from my router. It's a
> Pipeline 85. I have read through the Ascend manuals, but I still can't
> seem to add the appropriate data filter, and get it to save. Can someone
> point me to, or supply me, a very straightforward HOWTO on doing
> this? Thanks for any, and all, help.
> 
> geoffrey
> +++++++++++++++++++++++++++++++++++
> 
> Two hundred ... forty dollars ...
> worth of puddin'!  Aaah yeaaah!
> 
> ++++++++++++++++++++++++++++++++++
> Key fingerprint ===> 3B5C 0F9E 4CE0 EEA7 980B  6F43 B342 23C8 EF21 48DF
> Public key available upon request.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP for Personal Privacy 5.0
> Charset: noconv
> 
> iQA/AwUBOIlQh7NCI8jvIUjfEQJtTQCdFC0E9nRSpb7WvSR5D/rzY0h7cMwAoI5G
> R6uondIhZtCbB2PQ/XvEnHJx
> =bmn6
> -----END PGP SIGNATURE-----
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- (ASCEND) How to shut off ICMP through a PIPE85
  - From: geoffrey <monkey@blackhat.net>

Prev by Date: (ASCEND) System password prompt
Next by Date: (ASCEND) Forcing a call to a modem
Prev by thread: (ASCEND) How to shut off ICMP through a PIPE85
Next by thread: (ASCEND) Forcing a call to a modem
Index(es):
- Date
- Thread