Re: SOLVED -- Re: [EXIM] (un)blocking dynamic IP addresses […

Top Page
Delete this message
Reply to this message
Author: Paul Mansfield
Date:  
To: Exim Users Mailing List
Subject: Re: SOLVED -- Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]

sorry for being so late in replying (on holiday), but I wanted to add my
0.1213 euros...

On Tue, 20 Apr 1999, Greg A. Woods wrote:
..snip..
> about TCP/IP. You'll see small packet arrive from one host and pass
> through to the other, but big packets will arrive and be discarded and

..snip..
> problem is that their own users can't send e-mail or whatever. Some
> security officers are quite ignorant of what they're doing while at the


I think the basic problem with people filtering ICMP is that some books
(Cheswick and Bellovin) hint that ICMP is very dangerous, and a lot of people
not knowing that icmp has a wide variety of uses (not just ping, which can be
used to probe for hosts) block it all, rather than things like ICMP REDIRECT
which can be used for denial of service attacks.

As ever, a little knowledge is a dangerous thing...

Paul


--
*** Exim information can be found at http://www.exim.org/ ***