nanog mailing list archives
Re: ICMP Blocking Woes
From: Haesu <haesu () towardex com>
Date: Mon, 29 Sep 2003 13:15:32 -0400
<rant> Providers blocking all ICMP = ignorant I can't possibly stand any ISP's blocking _ALL_ ICMP (alas it is happening now, I already know 5 ISP's around my area who's doing this as I speak) for any reasons. If you want to *cough*cough*mitigate*/cough*/cough* impact of so-called BLASTER, please please please for the love of god, just block echo/echo replies. Not to mention blocking icmp will not help stop the propagation of the worm. </rant> -hc -- Haesu C. TowardEX Technologies, Inc. Consulting, colocation, web hosting, network design and implementation http://www.towardex.com | haesu () towardex com Cell: (978)394-2867 | Office: (978)263-3399 Ext. 174 Fax: (978)263-0033 | POC: HAESU-ARIN On Mon, Sep 29, 2003 at 09:43:14AM -0700, CA Windon wrote:
Dear NANOG-ers, I work for an information security company that is dependant upon ICMP for network mapping purposes (read: traceroute). On or about August 18, we were told, our upstream provider began blocking ICMP packets at its border in the Chicago NAP in an effort to cut down on the propagation of 'MSBlast'. This has effected our ability to accurately map our customers networks. We've been in contact with an engineer in this provider's NOC who is either unable or unwilling to remove this ACL for our block of IPs. Currently, we've been given two options. (1) Deal with the effect of the ACL until 'MSBlast' traffic subsides, or (2) they are willing to reroute our traffic out of the Chicago NAP to a border router that, they claim, does not have the same ACL. The problem with option 2 is that they would force us to renumber. This is a problem for us, as it would impact our customers as well. What options can I take to my management that would cause the least impact to the services we provide while not causing undue work for our clients. Also, what other options could I suggest to my upstream provider? TIA, C. Windon __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
Current thread:
- ICMP Blocking Woes CA Windon (Sep 29)
- Re: ICMP Blocking Woes Crist Clark (Sep 29)
- Re: ICMP Blocking Woes Haesu (Sep 29)
- Re: ICMP Blocking Woes mike harrison (Sep 29)
- Re: ICMP Blocking Woes Stephen J. Wilcox (Sep 29)
- RE: ICMP Blocking Woes Eric Germann (Sep 29)
- RE: ICMP Blocking Woes CA Windon (Sep 29)
- Re: ICMP Blocking Woes Steven M. Bellovin (Sep 29)
- Re: ICMP Blocking Woes Paul Timmins (Sep 29)
- Re: ICMP Blocking Woes E.B. Dreger (Sep 29)
- Re: ICMP Blocking Woes Geo. (Sep 30)
- Re: ICMP Blocking Woes Eric Kagan (Sep 30)
- Re: ICMP Blocking Woes Eric Kagan (Sep 30)
- RE: ICMP Blocking Woes Eric Germann (Sep 29)