I'm still trying to figure out how this attack is possible if the PaloAlto doesn't have a session associated with the attack traffic. In order for the PA to allow ICMP Type3, Code3, it would have to be associated with an Echo-Request in order to build a session. if there is no session, the PA should silent drop the traffic. Am I correct or is there something I am missing?
... View more