ietf
[Top] [All Lists]

RE: Problem of blocking ICMP packets

2004-05-07 13:08:18
But in between the network, some routers have some firewall 
configuration so that they will simply drop any incomming ICMP 
packet without sending any response to the sender. 

Not just routers. Many "host firewalls" will by default drop all
unsolicited ICMP packets. The rational is a variant of security by
obscurity: a host is more secure if its presence cannot be trivially
detected.

The old assumption used to be that if a host has an IP address, it can
receive pretty much any packet sent to that address. The practical
situation we have today is that if two hosts communicate over a given
protocol and port, they can receive packets from the same "five tuple"
but are not guaranteed to receive other packets. This has an important
consequence for many IETF designed protocols, including indeed path MTU
discovery.

-- Christian Huitema

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf