[NANOG] Microsoft.com PMTUD black hole?

Hank Nussbacher hank at efes.iucc.ac.il
Thu May 8 21:10:12 UTC 2008


On Wed, 7 May 2008, Michael Sinatra wrote:

> Nathan Anderson/FSR wrote:
>> Here is a brief update on the situation:
>>
>> I have been in contact with someone at Microsoft's service operations
>> center, who has confirmed for me that MS does in fact block _all_ ICMP
>> at the edge of their network, that they are aware that this will in fact
>> break PMTUD, and that they have no current plans to change this practice
>> which they have implemented in the interest of security.
>
> Although the need for your previous apology has already been questioned
> in this forum, the confirmation that they block not only certain ICMP
> types, but all ICMP, further vacates the need for any apology for
> criticizing this behavior in a public forum.  It is disheartening for
> those of us who use and support MSFT's products to learn that their
> understanding of security lacks even the basic nuance to know not to
> block an entire--critical--portion of the Internet Protocol.  Perhaps
> they should also block _all_ TCP and UDP as well, and then we can move on.
>
> I agree with Iljitsch that it happens frequently, but I think I am
> justified in expecting more than that from Microsoft.  Anything less
> would be unprofessional.

I wonder if MS knows about:
ICMP Packet Filtering v1.2 from 2003:
http://www.cymru.com/Documents/icmp-messages.html
Only been around 5 years or so.  Hopefully MS people reading this email 
will take note, read the entire page and implement what everyone else has 
been doing for a number of years.

-Hank
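
Added example, not part of the original message or thread: a constructed model of the PMTUD black hole discussed above, comparing an edge filter that drops all ICMP with one that permits only ICMP type 3 code 4 ("fragmentation needed and DF set"). The function names and hop MTU values are assumptions made up for illustration; no real packets are sent.

```python
# Constructed simulation of Path MTU Discovery through an ICMP-filtering edge.
ICMP_DEST_UNREACH = 3   # ICMP type: destination unreachable
CODE_FRAG_NEEDED = 4    # ICMP code: fragmentation needed and DF set

def edge_drop_all_icmp(icmp_type, icmp_code):
    """Edge policy described in the thread: no ICMP reaches the sender."""
    return False

def edge_allow_pmtud(icmp_type, icmp_code):
    """Narrow policy: admit only the message PMTUD depends on."""
    return (icmp_type, icmp_code) == (ICMP_DEST_UNREACH, CODE_FRAG_NEEDED)

def send_df_packet(size, hop_mtus):
    """Forward a DF-marked packet hop by hop.
    Returns None when delivered, otherwise the ICMP error
    (type, code, next_hop_mtu) from the first hop that cannot forward it."""
    for mtu in hop_mtus:
        if size > mtu:
            return (ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, mtu)
    return None

def discover_path_mtu(initial_size, hop_mtus, edge_filter, max_tries=5):
    """Sender behind edge_filter probes the path.
    Returns (final_packet_size, delivered)."""
    size = initial_size
    for _ in range(max_tries):
        error = send_df_packet(size, hop_mtus)
        if error is None:
            return size, True
        icmp_type, icmp_code, next_hop_mtu = error
        if edge_filter(icmp_type, icmp_code):
            size = next_hop_mtu  # sender lowers its path MTU estimate
        # Otherwise the error never arrives and the sender retransmits
        # the same oversized packet: the black hole.
    return size, False

# Constructed path: one hop with a reduced MTU (for example a tunnel).
PATH = [1500, 1492, 1500]

if __name__ == "__main__":
    print("drop all ICMP :", discover_path_mtu(1500, PATH, edge_drop_all_icmp))
    print("allow 3/4 only:", discover_path_mtu(1500, PATH, edge_allow_pmtud))
    print("small packets :", discover_path_mtu(576, PATH, edge_drop_all_icmp))
```

The last case shows why such a black hole is easy to miss: small packets get through under either policy, and only full-size segments stall.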