Every time I've had to fight with path MTU discovery not working I've cursed the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		EvanAnderson 89 days ago \| parent \| context \| favorite \| on: A story about bypassing air Canada's in-flight net... Every time I've had to fight with path MTU discovery not working I've cursed the people who block all ICMP, though. If ICMP echo / echo-reply is the problem just block that. At the very least, allow destination unreachable / fragmentation needed thru (type 3, code 4).

yardstick 89 days ago | [–]

I am sure someone will find a way to exfiltrate data using any ICMP type. How good are firewalls at validating the packets are legit?

pixl97 89 days ago | [–]

Most of the people blocking ICMP have no clue that ICMP codes/types even exist.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact