[63193] in North American Network Operators' Group
Re: ICMP Blocking Woes
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Mon Sep 29 16:42:05 2003
To: ekgermann@cctec.com
Cc: "Stephen J. Wilcox" <steve@telecomplete.co.uk>,
"CA Windon" <lnxguru@yahoo.com>, nanog@merit.edu
In-Reply-To: Message from "Eric Germann" <ekgermann@cctec.com>
of "Mon, 29 Sep 2003 15:56:04 EDT." <NDBBJJPLIGJGLBKILFIHMEPLMIAA.ekgermann@cctec.com>
Date: Mon, 29 Sep 2003 13:41:17 -0700
From: "Kevin Oberman" <oberman@es.net>
Errors-To: owner-nanog-outgoing@merit.edu
> From: "Eric Germann" <ekgermann@cctec.com>
> Date: Mon, 29 Sep 2003 15:56:04 -0400
> Sender: owner-nanog@merit.edu
>
>
> winders does use udp instead of icmp in their tracert program, IIRC (or at
> least they used to). At the risk of getting my head blown off, could we say
> that was foresight :)
You have it backwards. Windows tracert uses ICMP while most Unix boxes
use the LBNL traceroute program (or something derived from it) which
uses UDP. But both rely on the return of ICMP TTL expired or
unreachable messages and blocking all ICMP breaks both.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
