I would think that a number of routers out there would be able to
block ICMP packets based on type and code (ours does). If your vendor
doesn't do this, ask them to add it -- it's a pretty simple addition,
and obviously pretty useful, too.
From: Luther Garcia <luth @
Date: Fri, 1 Apr 1994 12:54:38 -0500 (EST)
Subject: "ICMP redirects"
I was wondering if anyone out there knows a way to protect from
forged ICMP redirects. We can't just disable ICMP as we need the
ability to do pings. Any suggestions would be apprecitated and carefully