[48306] in North American Network Operators' Group
Re: operational: icmp echo out of control?
daemon@ATHENA.MIT.EDU (Chris Woodfield)
Tue May 28 13:09:07 2002
Date: Tue, 28 May 2002 13:05:19 -0400
From: Chris Woodfield <rekoil@semihuman.com>
To: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
Cc: Richard A Steenbergen <ras@e-gerbil.net>,
Mark Kent <mark@noc.mainstreet.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.20.0205232044500.28948-100000@www.everquick.net>
Errors-To: owner-nanog-outgoing@merit.edu
--CdrF4e02JqNVZeln
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
The problem here is that other types of probes raise IDS alarms on way too =
many=20
networks - the next-best method is to probe HTTP ports, but we don't want t=
o=20
have to pull down thousands of web pages just to get performance stats. So,=
=20
they send a SYN, wait for the ACK, record the latency and send a FIN.=20
Sounds benign, but you'd be surprised how klaxons go off in response to thi=
s.
-C
> Perhaps most maddening is that ICMP echo/response hardly reflects
> real-world performance. (At least I don't usually tunnel my
> HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just
> being weird again.)
>=20
>=20
--CdrF4e02JqNVZeln
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE887jOqP/YiunDNcERAol+AJ9Azj9TWeZ6IxtItHfIB14seZgFHQCeMxSA
CSDX/2qoNLUTadF99fmtsng=
=YuU4
-----END PGP SIGNATURE-----
--CdrF4e02JqNVZeln--
