nanog mailing list archives
Re: [NANOG] Microsoft.com PMTUD black hole?
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Fri, 9 May 2008 00:10:12 +0300 (IDT)
On Wed, 7 May 2008, Michael Sinatra wrote:
Nathan Anderson/FSR wrote:Here is a brief update on the situation: I have been in contact with someone at Microsoft's service operations center, who has confirmed for me that MS does in fact block _all_ ICMP at the edge of their network, that they are aware that this will in fact break PMTUD, and that they have no current plans to change this practice which they have implemented in the interest of security.Although the need for your previous apology has already been questioned in this forum, the confirmation that they block not only certain ICMP types, but all ICMP, further vacates the need for any apology for criticizing this behavior in a pubic forum. It is disheartening for those of us who use and support MSFT's products to learn that their understanding of security lacks even the basic nuance to know not to block an entire--critical--portion of the Internet Protocol. Perhaps they should also block _all_ TCP and UDP as well, and then we can move on. I agree with Iljitsch that it happens frequently, but I think I am justified in expecting more than that from Microsoft. Anything less would be unprofessional.
I wonder if MS knows about: ICMP Packet Filtering v1.2 from 2003: http://www.cymru.com/Documents/icmp-messages.html Only been around 5 years or so. Hopefully MS people reading this email will take note, read the entire page and implement what everyone else has been doing for a number of years. -Hank _______________________________________________ NANOG mailing list NANOG () nanog org http://mailman.nanog.org/mailman/listinfo/nanog
Current thread:
- Re: [NANOG] Microsoft.com PMTUD black hole?, (continued)
- Re: [NANOG] Microsoft.com PMTUD black hole? Tomas L. Byrnes (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Iljitsch van Beijnum (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Tomas L. Byrnes (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Nathan Anderson/FSR (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Tomas L. Byrnes (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Nathan Anderson/FSR (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Bjørn Mork (May 08)
- Re: [NANOG] Microsoft.com PMTUD black hole? Joel Jaeggli (May 08)
- Re: [NANOG] Microsoft.com PMTUD black hole? Iljitsch van Beijnum (May 08)
- Re: [NANOG] [OPSEC] Microsoft.com PMTUD black hole? Smith, Donald (May 08)
- Re: [NANOG] Microsoft.com PMTUD black hole? Hank Nussbacher (May 08)
- Re: [NANOG] Microsoft.com PMTUD black hole? Deepak Jain (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? SML (May 07)
- Re: [NANOG] Microsoft.com PMTUD black hole? Tony Finch (May 08)
- Re: [NANOG] Microsoft.com PMTUD black hole? Blaine Christian (May 08)
- [NANOG] msnalerts () microsoft com invalid now (Was Re: Microsoft.com PMTUD black hole?) Mark Smith (May 16)
- [NANOG] msnalert () microsoft com valid (was Re: msnalerts () microsoft com invalid now) Mark Smith (May 16)