operational: icmp echo out of control?
Chris Woodfield
rekoil at semihuman.com
Tue May 28 17:05:19 UTC 2002
The problem here is that other types of probes raise IDS alarms on way too many
networks - the next-best method is to probe HTTP ports, but we don't want to
have to pull down thousands of web pages just to get performance stats. So,
they send a SYN, wait for the ACK, record the latency and send a FIN.
Sounds benign, but you'd be surprised how klaxons go off in response to this.
-C
> Perhaps most maddening is that ICMP echo/response hardly reflects
> real-world performance. (At least I don't usually tunnel my
> HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just
> being weird again.)
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020528/949df43a/attachment.sig>
More information about the NANOG
mailing list