G root servers unreachable via ICMP(v6)

• Previous message (by thread): G root servers unreachable via ICMP(v6)
• Next message (by thread): G root servers unreachable via ICMP(v6)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So, DoD does NOT have capacity to answer those little ICMP echo
request packets? Heh.. Anyway, this is IMO terrible practice.
Many many times I have to deal w/ "products" that do exacly the same
because its so much "secure" to not respond to ping.
Any basic network security researcher know that they are various
more effective methods to poking around endpoint to check if its online.

Cutting PING means you are hurting your basic troubleshooting.
Is that thing even plugged in? Maybe Firewall misconfiguration?

If you are just user internet endpoint not serving anything, that
method might be useful, but you need to drop pretty much anything.


---------- Original message ----------

From: Willy Manga <mangawilly at gmail.com>
To: nanog at nanog.org
Subject: G root servers unreachable via ICMP(v6)
Date: Tue, 16 May 2023 07:38:24 +0400

Hi,

DNS speaking, I can query G root servers; at least, that's the most important.

However, from several sites, either on IPv4 or IPv6, I cannot ping(6) them. Is
it by design, or it's an issue?

Side question: even if it was by design, is it a good practice to completely
restrict ICMP(v6)?

Thanks.


P.S: I sent the same email to dns-operations at lists.dns-oarc.net since 12 May
2023 but it's still in moderation.. If one admin is around .. :)

-- 
Willy Manga
@ongolaboy
https://ongola.blogspot.com/

• Previous message (by thread): G root servers unreachable via ICMP(v6)
• Next message (by thread): G root servers unreachable via ICMP(v6)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]