[63264] in North American Network Operators' Group
Re: ICMP Blocking Woes
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Thu Oct 2 12:59:48 2003
Date: Thu, 2 Oct 2003 16:58:22 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0310020213590.13290-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Lo! On Thu, 2 Oct 2003, Sean Donelan did sayeth:
> Various ISPs have been trying lots of different ICMP filters. You can
> see some of the impact on the Internet average graphs from XAffire.
>
> http://www.xaffire.com/press/ea/EA20030902_images?rf=EM005
>
> Xaffire/Matrix Systems apparently used ping packets that were the
> same size as those being filtered by some ISPs. According to Xaffire
> service providers implementing filters included Cable & Wireless and
> Level 3.
It does raise the question of whether ICMP Echo is a good mechanism for
monitoring systems that are across third party networks.
I personally think that filtering ICMP is becoming less useful and you would get
better results using other probe methods eg SYN/RST as deployed by numerous port
scanning tools eg nmap
Steve
