This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jens Link
lists at quux.de
Wed May 5 13:30:40 CEST 2021
Kurt Kayser <kurt_kayser at gmx.de> writes: Kurt, > you surely know that every enabled protocol/port is a potential threat. <rant> Yes. Many years ago we had a ping of death implemented in Windows 98(?). And then in some other IP implementations as well. So ping is evil!!1!!! Somebody could easily and with little overhead diagnose problems or just do simple monitoring. The additional overhead of using TCP is absolutely no problem for a modern system! Even if more then half of the users setup a check in their monitoring every minute or so. Please disable ICMP(v6) everywhere! Nobody needs PMTUD, ping and diagnostic messages! And disabling ICMPv6 makes IPv6 networks so much more secure. And we shouldn't stop there. Everybody who wants to access a service should have a written contract to do so. Every connection should be allowed with a packet filter *and* a router ACLs. Also there should be no direct connection to the service itself. Everything has to go through a proxy! Because proxies no any protocol better than the service itself. </rant> Jens -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at quux.de | --------------- | ----------------------------------------------------------------------------
- Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
- Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]