Re: [fw-wiz] A fun smackdown...
From: Steven M. Bellovin (smb_at_cs.columbia.edu)
Date: 05/21/05
- Previous message: lordchariot_at_earthlink.net: "RE: [fw-wiz] A fun smackdown..."
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] A fun smackdown..."
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] A fun smackdown..."
- Reply: Marcus J. Ranum: "Re: [fw-wiz] A fun smackdown..."
To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Sat, 21 May 2005 15:51:44 -0400
In message <6.2.0.14.2.20050520220022.0712ea20@mail.ranum.com>, "Marcus J. Ranum" writes:
>
>>> How about excessive ICMP filtering breaking path MTU discovery?
>
>Another perfect example of a bunch of egg-heads in the IETF
>coming up with a mechanism for doing something that
>completely ignored existing implementations of security
>systems - and breaks as a result. The PMTU discovery
>mechanism, using ICMP, was moronic design from the get-go.
>
Path MTU was standardized in RFC 1191, from November 1990. Virtually no
one had firewalls back then. It didn't "ignore existing
implementations of security systems" because there were almost none.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards