> when I add the following rule to iptables, the linux server (Kernel > 2.4.29-grsec) is no longer vulnerable to the DOS: > iptables -I INPUT 1 -p icmp -j DROP > > I am interested in knowing if this work around makes any sense. Please > keep me informed about this vulnerability. This breaks PMTU detection. ICMP is a host requirement, it is not optional. DS