[unisog] Necessary ICMP traffic and the SANS/FBI top 20
kline at uiuc.edu
Mon Jun 16 16:25:15 GMT 2003
> Given all the other ICMP messages available to intruders I am curious
> if a better approach would not be to allow only fragmentation needed
> (3-4) and source quench in/out of your network. It seems that any
> others should only be passing between nodes inside your network.
Source quench fell out of use in favor of better congestion-control
mechanisms such as slow-start. I don't believe any stack even uses it at
all these days, so I'd assume it'd be fine to block as well.
One of my dubious claims to fame is that Van Jacobson cited me in a paper
he wrote on congestion control, but only to say that my implementation of
source quench for congestion control "can be shown to perform poorly." :)
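
The border policy discussed in this thread, as an added example that is not part of the original post: a parser that checks an ICMP message and accepts only fragmentation needed (type 3, code 4) while dropping source quench and everything else. The function names, verdict strings and sample packets are constructed for illustration; the next-hop MTU field position follows RFC 1191.

```python
import struct

FRAG_NEEDED = (3, 4)   # Destination Unreachable / fragmentation needed and DF set
SOURCE_QUENCH = 4      # ICMP type 4, formally deprecated by RFC 6633


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Build a constructed sample ICMP message with a valid checksum."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def border_verdict(icmp: bytes) -> str:
    """Decide whether an ICMP message may cross the network border."""
    if len(icmp) < 8:
        return "drop: truncated"
    # A message that includes its own valid checksum sums to zero.
    if inet_checksum(icmp) != 0:
        return "drop: bad checksum"
    icmp_type, code = icmp[0], icmp[1]
    if (icmp_type, code) == FRAG_NEEDED:
        # Bytes 6-7 carry the next-hop MTU used by path MTU discovery.
        mtu = struct.unpack("!H", icmp[6:8])[0]
        return "accept: frag-needed mtu=%d" % mtu
    if icmp_type == SOURCE_QUENCH:
        return "drop: source quench"
    return "drop: not needed across border"


if __name__ == "__main__":
    # Constructed samples: frag-needed (MTU 1400), source quench, echo request.
    quoted = b"\x45" + b"\x00" * 27   # stand-in for the quoted IP header + 8 bytes
    samples = [
        build_icmp(3, 4, struct.pack("!HH", 0, 1400), quoted),
        build_icmp(4, 0),
        build_icmp(8, 0),
    ]
    for pkt in samples:
        print(pkt[:8].hex(), "->", border_verdict(pkt))
```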