[104340] in North American Network Operators' Group
Re: [NANOG] Microsoft.com PMTUD black hole?
daemon@ATHENA.MIT.EDU (Nathan Anderson/FSR)
Wed May 7 15:25:02 2008
Date: Wed, 07 May 2008 12:24:57 -0700
From: Nathan Anderson/FSR <nathana@fsr.com>
To: nanog@merit.edu
In-Reply-To: <20080507134507.GA23142@gsp.org>
Errors-To: nanog-bounces@nanog.org

Here is a brief update on the situation:

I have been in contact with someone at Microsoft's service operations
center, who has confirmed for me that MS does in fact block _all_ ICMP
at the edge of their network, that they are aware that this will in fact
break PMTUD, and that they have no current plans to change this practice
which they have implemented in the interest of security.

Nevertheless, the person I have been in contact with is naturally not
the final decision-maker on this issue and is going to continue to pass
the issue on up the chain of command for me. So although this issue is
not over and I do not have a final verdict from MS yet, I felt that,
given that I don't know how much time to expect to pass between now and
when that final verdict is rendered, it would be appropriate to let
everybody here know what I have learned thus far. Hopefully public
dissemination of this information factoid will prevent others in a
position similar to mine from having to helplessly beat their heads into
their keyboards.

I, naturally, voiced my strong objection over this security policy, and
attempted to make a reasoned argument with the contact I have over
there. We will see what comes of this.

Some have asked me to post copies of my private communication with my
Microsoft contact here. I don't think it is appropriate for me to post
copies of private communication without the other party's consent, so I
will have to decline unless he first gives me said consent.

Others have asked for valid contact information for the Microsoft NOC,
since the ARIN records for their 207.46.0.0/16 do not appear to be up to
date. I eventually found a working e-mail address from somebody
off-list who pointed to the WHOIS lookup from TUCOWS for
microsoft.comosoft.com (which I'm still not clear on what exactly this
is...). The e-mail address that was gleaned from this lookup was
msnhst@microsoft.com, which goes to the Microsoft Corporate Domains
Team. They, in turn, forwarded my message on to
msnalerts@microsoft.com, which generated a ticket # for me and is, as I
understand it, the e-mail address I was looking for in the first place
(leads to their network/system people).

I hope this is helpful to others.

Regards,

--
Nathan Anderson
First Step Internet, LLC
nathana@fsr.com