Re: connectivity to bkbits.net?

Miquel van Smoorenburg (miquels@cistron.nl)
Thu, 28 Nov 2002 23:59:24 +0000 (UTC)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Jones: "Re: PROBLEM : AGP don't work for SiS 645DX chipset (Asus P4S533)"
Previous message: Marcelo Tosatti: "linux-2.4.20 released"
Maybe in reply to: Larry McVoy: "connectivity to bkbits.net?"

In article <20021128211347.D27234@flint.arm.linux.org.uk>,
Russell King <rmk@arm.linux.org.uk> wrote:
>On Thu, Nov 28, 2002 at 06:53:00PM +0200, Kai Henningsen wrote:
>> >From two or three traceroutes, that problem seems to be at the SGI end. I
>> can't get to them either (nothing after the same IP as for you, at hop
>> #17, some place at Genuity), but you are practically next door.
>
>Lesson #1 of firewalling: drop everything.
>Lesson #2 of firewalling: only accept what you absolutely have to.

Lesson#3 of firewalling: due to #1 and #2 most admins block
ICMP_UNREACH_NEEDFRAG as well (ICMP == ping == bad) breaking
path MTUd. http://alive.znep.com/~marcs/mtu/

Note that IPv6 has no fragmentation and pMTUd is mandatory.
Oh joy.

Mike.

-- They all laughed when I said I wanted to build a joke-telling machine. Well, I showed them! Nobody's laughing *now*! -- acesteves@clix.pt

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Jones: "Re: PROBLEM : AGP don't work for SiS 645DX chipset (Asus P4S533)"
Previous message: Marcelo Tosatti: "linux-2.4.20 released"
Maybe in reply to: Larry McVoy: "connectivity to bkbits.net?"