Refusing Pings on Core Routers??? A new trend?

Schliesser, Benson bensons at
Fri Oct 20 00:53:56 UTC 2006

> Q: "As part of this, can you tell me why your router is prohibiting
> packets being sent to our interface?"
> A:"	The reason you cannot hit your interface is it is blocked for
> security reasons."
> [...]
> What the heck is going on lately? Have we returned to the time where 
> we've started trying to hide lacks of capacity instead of fixing

You would be mistaken to think that a router's lack of responsiveness to
your queries is indicative of forwarding capacity issues.

To ask your question from the opposite point of view, are there any
operators of large networks today that don't filter and police traffic
destined for the control/management plane of their routers?

Anticipating the answer to that question: I think it is only reasonable
to limit the impact that random strangers can have on my network's
stability. Your ability to traceroute is valuable, but not more valuable
than my network's uptime.


More information about the NANOG mailing list