Answer:
See the explanation
Explanation:
1. The router can send back an ICMP error code indicating what happened in this case.
2. If you send back an ICMP error code, the user's connection attempt will fail immediately, otherwise it will time out which will take several minutes.
There are two types of ICMP codes they are destination unreachabl and destination administratively unreachable:
- The first pair of ICMP error codes(destination unreachable)might return, host unreachable and network unreachable. It is designed to indicate serious network problems.
- The second set of ICMP error codes the (destination administratively unreachable)might return, host administratively unreachable and network administratively unreachable.It is added to the official list of ICMP message types later, specifically to return when they dropped a packet.
If your router returns an ICMP error code for every packet that violates your filtering policy you are also giving an attacker a way to probe your filtering system.
If your router offers enough flexibility, it might make sense to configure it to return ICMP error codes to internal systems (which would like to know immediately that something is going to fail, rather than wait for a timeout) but not to external systems.
Hope this helps!
