Iljitsch van Beijnum <[EMAIL PROTECTED]> writes: > Now Microsoft is also the company that built the OS that could be > crashed by a maliciously crafted fragmented IP packet, so maybe > there's something to this security policy. (One hopes that this bug > and others like it are now fixed.)
Although the fact that Microsoft block all icmp makes me wonder which unfixed icmp related security holes they know about... I am not saying that there are any such holes in current Windows versions, but I will certainly not use a Windows server in an environment where I could receive icmp after learning that Microsoft themselves don't trust Windows' icmp handling. After all, Microsoft must have a reason to block all icmp. Or? > However, in that case the only workable course of action would be TO > DISABLE PATH MTU DISCOVERY! > > You can't have your cake and eat it too. But maybe the death of icmp is worth some sort of ceremony? Cake or not. Bjørn _______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
