Is blocking _all_ ICMP types the wrong thing to do?
Yes. Unofrtunately, it's an argument I've lost with clients in the past, who have self-styled network security experts who believe that if some filtering is good, more must be better!
I've found lots of places which say blocking the icmp stuff for PTMU stuff is wrong (causing this issue). Where did the people who do block it get the idea from to actually do this and "break things" for their clients. Maybe they should be a warning up on their web page saying "People who have Fragmented TCP/IP packets will not be able to access this site properly because we are too lazy to fix our firewalls" (well its what it sounds like on the news article) Thanks Craig Talking for Myself - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog