Dum_Dum Registered User

JimmyCrackCorn Registered User

Someone doing ping sweeps looking for hosts.

Malware doing its thing.

Background noise is just a fact of life on the internet.

BaconZombie Registered User

To be RFC compliant people should not block ICMP packets.

schrodinger Registered User

BaconZombie said:
To be RFC compliant people should not block ICMP packets.

Your reply may be disingenuous. There is a case of being protocol compliant and then the recommendations of the RFC documents, or just downright "Because the RFC told you so".

An example of a specific TYPE of ICMP packet that MUST BE permitted to be RFC compliant would be RFC 2979 - 3.1.1. Path MTU Discovery and ICMP.

However, I don't believe this helps the OP but should be stated anyway in case people start thinking that permitting things like ICMP REDIRECT is a MUST for RFC compliance - where one might not need to accept ICMP REDIRECT packets at all.

There is a rather long list of ICMP TYPES. Usually the (better) rule of thumb is to permit what is 'useful ICMP' for your environment and then rate limit those that you permit.

1 person has thanked this post
infodox Registered User

Just whitelist. Allow known-good, prohibit all else. Sure, according to the RFCs, your coffee machine has to comply with the COFFEE/HTTP Protocol! http://www.ietf.org/rfc/rfc2324.txt

As for PMTUD... Ugh. Get rid of it. I won't bother getting into it, but "Silence on the wire" explains why it is silly.

*note, obviously not being serious about the coffee protocol, but it IS an RFC

1 person has thanked this post
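
What the "permit useful ICMP, rate limit it, drop the rest" approach from the two posts above can look like as an nftables ruleset for inbound IPv4 (an added example, not posted by anyone in the thread; the table name, the selection of types and the rate values are assumptions to adapt per environment):

```nftables
#!/usr/sbin/nft -f
# Added example: inbound ICMP (IPv4) whitelist with rate limits.
# Only ICMP is decided here; all other traffic is left to the existing rules.
# Table name, chosen types and rates are assumptions, not values from the thread.

table ip icmp_whitelist {
    chain input {
        type filter hook input priority 0; policy accept;

        # Path MTU Discovery (RFC 2979, section 3.1.1):
        # "fragmentation needed" is Destination Unreachable (type 3), code 4.
        # Never rate limited, so large transfers do not stall.
        icmp type destination-unreachable icmp code 4 accept

        # Remaining error messages that report on our own outbound traffic.
        icmp type { destination-unreachable, time-exceeded, parameter-problem } limit rate 20/second accept

        # Echo requests: this is where ping sweeps land.
        # Answer a small number, silently drop the excess.
        icmp type echo-request limit rate 5/second burst 10 packets accept

        # Replies to pings sent from this host.
        icmp type echo-reply limit rate 20/second accept

        # Everything else, including ICMP redirect and whatever exceeded
        # the limits above, is counted and dropped.
        meta l4proto icmp counter drop
    }
}
```

Load it with `nft -f <file>`; `nft list table ip icmp_whitelist` then shows the counter on the final rule, which gives a rough measure of how much ICMP background noise is being discarded.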
