Re: [NANOG] Pingable IPs on backbones?

[Pim van Riezen <pi () vuurwerk nl>]

On Tue, 30 Jan 2001, Christopher A. Woodfield wrote:

> What this brought to mind was this question: would it be worth my time to
> compile a list of pingable and traceable IPs that live on the major
> backbones for connectivity testing and troubleshooting? I do wind up
> seeing a lot of cloobies trying to ping a site, and assuming it's down
> because IMCP-blocked.

What I've been wondering is why is ICMP seen as such an inherent evil that
it should be completely blocked? There are so many ways to pound on host
tcp stacks, the days that "ping -f" was an actual problem seem far gone.
This ICMP-envy seen on some networks takes away a useful tool and leads to
paranoid misconfiguration (like blocking pmtu-discovery combined with tcp
don't fragment flags, *cough*) makes me wonder, is it still really any use
at all to block icmp echo-requests? If so, would using CAR on it be
prohibitively expensive? Or is this all just a brick wall to run in to,
sort of like the smurf-reflector issues?

Cheers,
Pi