[48317] in North American Network Operators' Group
IWF was: RE: operational: icmp echo out of control?
daemon@ATHENA.MIT.EDU (Deepak Jain)
Tue May 28 16:41:46 2002
Reply-To: <deepak@ai.net>
From: "Deepak Jain" <deepak@ai.net>
To: "Mike Tancsa" <mike@sentex.net>, "Jeff Mcadams" <jeffm@iglou.com>
Cc: <nanog@merit.edu>
Date: Tue, 28 May 2002 16:33:57 -0400
In-Reply-To: <5.1.0.14.0.20020528152550.0365fd38@marble.sentex.ca>
Errors-To: owner-nanog-outgoing@merit.edu
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Mike Tancsa
Sent: Tuesday, May 28, 2002 3:36 PM
To: Jeff Mcadams
Cc: nanog@merit.edu
Subject: Re: operational: icmp echo out of control?
[deleted]
The access attempt(s) are shown below, including the date and time, port
number, TCP or UDP indicator, and, if known, a service name associated with
the port.
Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:21, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:10, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable
----
Speaking of IWFs... my personal pet peeve is when people forward you IDS or
Firewall / some other packet log and neglect to provide a timezone and
confirmation the clock was sync'd to a reliable source lately.
For those of us that have the capability of poring through a few billion
packets to help identify _real_ issues, every few minutes represents
millions of packets.
Explaining the significance of this goes something like this:
NOC: "When was your clock synchronized with a network time source?"
IWF: "huh?"
[repeat variations of this for at least 5 minutes]
Deepak Jain
AiNET
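
Added example (not part of the original message): a parser for the forwarded log lines quoted above that turns each timezone-less timestamp into the UTC window an operator would actually have to search. The month table, the UTC-12 to UTC+14 offset range, the two-minute clock error and the 10,000 packets-per-second rate are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed French month abbreviations; only "mai" is attested in the forwarded log.
MONTHS = {"janv": 1, "févr": 2, "mars": 3, "avr": 4, "mai": 5, "juin": 6,
          "juil": 7, "août": 8, "sept": 9, "oct": 10, "nov": 11, "déc": 12}
LINE = re.compile(r"^\w+ (\d{2}) (\w+) (\d{4}) (\d{2}):(\d{2}):(\d{2}), "
                  r"Port (\d+), (\w+), (.+)$")

# Lines as quoted in the message above.
SAMPLE = ["Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable",
          "Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable"]

def parse_line(line):
    """Return (naive local timestamp, port field, protocol, description)."""
    m = LINE.match(line.strip())
    if not m or m.group(2).lower() not in MONTHS:
        raise ValueError(f"unrecognised log line: {line!r}")
    day, mon, year, hh, mm, ss, port, proto, desc = m.groups()
    ts = datetime(int(year), MONTHS[mon.lower()], int(day),
                  int(hh), int(mm), int(ss))
    return ts, int(port), proto, desc

def utc_window(ts, utc_offset=None, clock_error=timedelta(0)):
    """UTC interval (start, end) in which the logged event may have occurred."""
    if utc_offset is None:
        # No timezone supplied: assume any offset from UTC-12 to UTC+14.
        lo, hi = timedelta(hours=-12), timedelta(hours=14)
    else:
        lo = hi = utc_offset
    # local = utc + offset, so utc = local - offset, widened by clock drift.
    return ts - hi - clock_error, ts - lo + clock_error

def packets_in_window(window, packets_per_second):
    """Packets a capture at the given rate holds for the window."""
    start, end = window
    return int((end - start).total_seconds() * packets_per_second)

if __name__ == "__main__":
    PPS = 10_000  # constructed traffic rate
    for line in SAMPLE:
        ts, port, proto, desc = parse_line(line)
        unknown = utc_window(ts)
        known = utc_window(ts, timedelta(hours=2), timedelta(minutes=2))
        print(ts, proto, desc)
        print("  no timezone :", unknown, packets_in_window(unknown, PPS))
        print("  UTC+2, +/-2m:", known, packets_in_window(known, PPS))
```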