Subject: Re: Stupid ICMP and fragmentation tricks
To: Paul DuBois <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 09/21/1999 11:26:18
> On Tue, Sep 21, 1999 at 01:35:57AM -0700, M Graff wrote:
> > It seems people who write firewall rules are idiots these days. Most
> > places recommend blocking "all ICMP" -- which breaks M$'s
> > implementation of Path MTU discovery quite nicely.
> It's a problem to break Microsoft's implementation?
Blocking all ICMP's breaks *all* known Path MTU discovery
implementations, because PMTUD depends on receiving ICMP
unreachable/"fragmentation needed but DF set" errors from the