FWD: RE: FW: Getting hacked by Digital Isle?

Grant A. Kirkwood grant at virtical.net
Fri Oct 26 16:39:28 UTC 2001


measl at mfn.org wrote:
> 
> On Fri, 26 Oct 2001, Nick Thompson wrote:
> 
> > Heh.  I've found the best solution is to neither let ICMP in or out of
> > your network.  It works wonders. :)
> >
> > /nick

This is getting a bit ridiculous.

ping was created to test connectivity. And most of our jobs here include
trying to improve performance of the internet in general. Is this not
what DI is doing, albeit in an automagic way?

Personally I find it annoying when some firewall administrator starts
blocking icmp. First thing I do when I've got a new router up is ping
yahoo.com. If a customer experiences connectivity issues... try pinging
yahoo.com. That gives me somewhere to start.

If Yahoo started blocking icmp, I'd imagine there'd be hordes of
engineers kicking themselves, doing 'sh run' over and over looking for
something wrong.

Fine, block icmp on your network. Don't complain the first time a
customer of mine can't get your site and I do absolutely nothing about
it.

Grant

-- 
Grant A. Kirkwood - grant at virtical.net
Chief Technology Officer - Virtical Solutions, Inc.
http://www.virtical.net/



More information about the NANOG mailing list