ICMP Blocking Woes
Haesu
haesu at towardex.com
Mon Sep 29 17:15:32 UTC 2003
<rant>
Providers blocking all ICMP = ignorant
I can't possibly stand any ISP's blocking _ALL_ ICMP (alas it is happening now, I already know 5 ISP's around my area who's doing this as I speak) for any reasons.
If you want to *cough*cough*mitigate*/cough*/cough* impact of so-called BLASTER, please please please for the love of god, just block echo/echo replies.
Not to mention blocking icmp will not help stop the propagation of the worm.
</rant>
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu at towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 174
Fax: (978)263-0033 | POC: HAESU-ARIN
On Mon, Sep 29, 2003 at 09:43:14AM -0700, CA Windon wrote:
>
> Dear NANOG-ers,
>
> I work for an information security company that is
> dependant upon ICMP for network mapping purposes
> (read: traceroute). On or about August 18, we were
> told, our upstream provider began blocking ICMP
> packets at its border in the Chicago NAP in an effort
> to cut down on the propagation of 'MSBlast'. This has
> effected our ability to accurately map our customers
> networks.
>
> We've been in contact with an engineer in this
> provider's NOC who is either unable or unwilling to
> remove this ACL for our block of IPs.
>
> Currently, we've been given two options. (1) Deal
> with the effect of the ACL until 'MSBlast' traffic
> subsides, or (2) they are willing to reroute our
> traffic out of the Chicago NAP to a border router
> that, they claim, does not have the same ACL. The
> problem with option 2 is that they would force us to
> renumber. This is a problem for us, as it would
> impact our customers as well.
>
> What options can I take to my management that would
> cause the least impact to the services we provide
> while not causing undue work for our clients. Also,
> what other options could I suggest to my upstream
> provider?
>
> TIA,
>
> C. Windon
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
More information about the NANOG
mailing list