See below

Jared Mauch

On Aug 20, 2010, at 6:16 PM, Brandon Ross <br...@pobox.com> wrote:

> On Fri, 20 Aug 2010, valdis.kletni...@vt.edu wrote:
>
>> Until a PC or something on the network gets pwned, and issues selective
>> forged ICMP redirects to declare itself a router and the appropriate
>> destination for some traffic, which it can then MITM to its heart's
>> content. *Then* you truly have a manure-on-fan situation.
>
> I believe the question was along the lines of, "why do I turn this off on my
> router?"
>
> How does turning off ICMP redirects on the router prevent a rogue PC from
> sending ICMP redirects to its neighbors?
>
> I'm in the same boat here. I know there's a lot of conventional wisdom that
> says to turn it off, but I'm yet to hear a convincing argument as to why I
> should bother. Now configuring your hosts to ignore them, that I could
> understand.

The issue is routers typically do this in software requiring a punt and CPU theft from bgp, ospf etc.

> --
> Brandon Ross AIM: BrandonNRoss
> ICQ: 2269442
> Skype: brandonross Yahoo: BrandonNRoss
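
Added example, not part of the original thread: a shell audit for the host-side setting discussed above (hosts ignoring ICMP redirects), assuming Linux hosts and the kernel's `net/ipv4/conf/<iface>/` sysctl layout. The function names and the sample interface values are constructed for illustration; the point it shows is that on a non-forwarding host, setting only `all/accept_redirects` to 0 does not stop an interface from accepting redirects.

```shell
#!/bin/sh
# Added example: report Linux interfaces that would accept ICMP redirects.
# Assumption: sysctl tree laid out as /proc/sys/net/ipv4/conf/<iface>/.

# redirect_effective ROOT IFACE -> prints 1 if IFACE accepts redirects, else 0.
# Kernel rule: with forwarding on, "all" AND the interface must both be 1;
# with forwarding off (a plain host), either one being 1 is enough.
redirect_effective() {
    all=$(cat "$1/all/accept_redirects")
    own=$(cat "$1/$2/accept_redirects")
    fwd=$(cat "$1/$2/forwarding")
    if [ "$fwd" = "1" ]; then
        if [ "$all" = "1" ] && [ "$own" = "1" ]; then echo 1; else echo 0; fi
    else
        if [ "$all" = "1" ] || [ "$own" = "1" ]; then echo 1; else echo 0; fi
    fi
}

# audit_redirects [ROOT] -> prints one interface name per line that accepts
# redirects. ROOT defaults to the live sysctl tree.
audit_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for d in "$root"/*/; do
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        if [ "$(redirect_effective "$root" "$ifc")" = "1" ]; then
            echo "$ifc"
        fi
    done
    return 0
}

# make_sample DIR -> writes a constructed tree (iface:accept_redirects:forwarding)
# so the audit can be exercised without touching the live host.
make_sample() {
    for spec in all:0:0 eth0:1:0 eth1:1:1 eth2:0:0; do
        name=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$1/$name"
        echo "${rest%%:*}" > "$1/$name/accept_redirects"
        echo "${rest#*:}" > "$1/$name/forwarding"
    done
}
```

Run `audit_redirects` with no argument to check the live host; any interface it prints needs its own `accept_redirects` set to 0, not just `all`.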