[ale] network problems?
John Wells
jb at sourceillustrated.com
Fri Feb 14 15:35:56 EST 2003
Michael H. Warfield said:
> I hope your not absolutely serious there...
>
> Blocking all UDP - DNS? NTP?
Yup, afaik. Certain UDP is allowed through, but only to specific hosts,
such as our internal DNS server...all udp from or to workstations is
dropped at the fw.
> Blocking all ICMP - PMTU discovery fails, tcp connections fall
> down go boom or crawl at a snails pace (Needs ICMP WOULD FRAGMENT to
> work).
Perhaps I was a bit rash in my statments (wouldn't be the first time), but
I know many tools that rely on ICMP (like ping, traceroute) fail for
anything outside the fw. I guess they're only blocking certain types of
ICMP messages?
John
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list