[AusNOG] network security Question
David Beveridge
dave at bevhost.com
Wed May 21 09:16:26 EST 2014
On Wed, May 21, 2014 at 9:05 AM, Luca Salvatore <luca at digitalocean.com> wrote:
> There's a special place in Hell reserved for people (especially providers)
> who block ICMP ;-)
>
I came across this the other day when I was trying to figure out why a customer
could not connect to any https:// ... westpac.com.au sites.
http://en.wikipedia.org/wiki/Path_MTU_Discovery
"Many network security devices block all ICMP messages for perceived
security benefits"
The workaround for us was to mangle the outbound TCP MSS.
More information about the AusNOG
mailing list