nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: G root servers unreachable via ICMP(v6)

From: borg () uu3 net
Date: Tue, 16 May 2023 10:37:16 +0200 (CEST)
So, DoD does NOT have capacity to answer those little ICMP echo
request packets? Heh.. Anyway, this is IMO terrible practice.
Many many times I have to deal w/ "products" that do exacly the same
because its so much "secure" to not respond to ping.
Any basic network security researcher know that they are various
more effective methods to poking around endpoint to check if its online.

Cutting PING means you are hurting your basic troubleshooting.
Is that thing even plugged in? Maybe Firewall misconfiguration?

If you are just user internet endpoint not serving anything, that
method might be useful, but you need to drop pretty much anything.


---------- Original message ----------

From: Willy Manga <mangawilly () gmail com>
To: nanog () nanog org
Subject: G root servers unreachable via ICMP(v6)
Date: Tue, 16 May 2023 07:38:24 +0400

Hi,

DNS speaking, I can query G root servers; at least, that's the most important.

However, from several sites, either on IPv4 or IPv6, I cannot ping(6) them. Is
it by design, or it's an issue?

Side question: even if it was by design, is it a good practice to completely
restrict ICMP(v6)?

Thanks.


P.S: I sent the same email to dns-operations () lists dns-oarc net since 12 May
2023 but it's still in moderation.. If one admin is around .. :)

-- 
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
Previous By Date Next
Previous By Thread Next

Current thread: