Security Incidents mailing list archives
Re: Large Amounts of ICMP packets
From: David Luyer <david_luyer () PACIFIC NET AU>
Date: Sat, 19 Aug 2000 13:50:47 +1000
A customer of mine has been hit with large amounts of ICMP packets from akaimaitechnologies.com servers. I've seen these before and considered them a nusiance, but I feel 1600 ICMP packets a week to hosts that can not respond due to being behind a firewall is excessive, and it fills logs pretty quickly. The company response was that they use the pings to better serve the customers and to monitor usage. You can have addresses removed from their list of hosts by sending an email to the hostmaster listed below:
If you don't know who Akamai are, last time I worked through the stats they were 5% of the web content requested by Australian customers by URLs and about 10% by volume from memory - the %ages should be higher in the US I'd expect as they are US-based. But it's over a year since I worked out the exact stats. They provide a server farm (10 servers in our case) to decent sized ISPs for free, or even pay to co-locate it, then all Akamai URLs are local and fast traffic. Alteon (the L4 switch company recently acquired by Nortel(?)) have a switch which re-writes web pages on the fly to have URLs into the Akamai network for all large objects. People like cnn.com have all their actual media content on the Akamai network and then just the HTML on their own servers. Basically what I'm saying is, if you're a decent sized ISP or large company, 1600 ICMP packets a week is very little to pay to make sure you use the closest Akamai server for all the content in their network. Of course if you're large enough to qualify, you may be even better off asking them to provide you with an Akamai farm of your own. Of course if the network is unable to respond to the ICMP packets it's fairly pointless, but perhaps you could make something so the firewall responds to _all_ ICMP echos rather than blocking them? Then you might not end up with companies deciding the closest web server to you was in Eastern Europe :-) David. -- ---------------------------------------------- David Luyer Senior Network Engineer Pacific Internet (Aust) Pty Ltd Phone: +61 3 9674 7525 Fax: +61 3 9699 8693 Mobile: +61 4 1064 2258, +61 4 1114 2258 http://www.pacific.net.au NASDAQ: PCNTF << fast 'n easy >> ----------------------------------------------
Current thread:
- Large Amounts of ICMP packets Dante Mercurio (Aug 18)
- Re: Large Amounts of ICMP packets David Luyer (Aug 21)
- <Possible follow-ups>
- Re: Large Amounts of ICMP packets J. Oquendo (Aug 21)