-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
Hello,
A few customers complaining ... Sunrise filtering ICMP ?
radium.noc.ip-man.net (0.0.0.0)(tos=0x0 psize=64 bitpattern=0x00) Thu Feb 1 10:34:56 2007 Keys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. vl64.ar01.gva254.ip-man.net 0.0% 4 1.0 0.9 0.7 1.0 0.1 2. ge4-2.ag01.gva05.ip-man.net 0.0% 4 1.6 1.4 1.2 1.6 0.2 3. ge0-3.cr01.gva05.ip-man.net 0.0% 4 1.9 1.8 1.4 1.9 0.2 4. ge-4-2-101.hsa2.Geneva1.Level3.net 0.0% 4 2.4 2.8 2.4 3.0 0.3 5. ???
You should think before filtering all this. Too much problems because of this.
Regards,
Nicolas
A few customers complaining ... Sunrise filtering ICMP ? ...
You should think before filtering all this. Too much problems because of this.
Right. ermm...
What about other kind of ICMP ? do they filter any ICMP packet or just ICMP echo request/reply ? If they filter any ICMP packet they just break the rules, what about host unreachable ? MTU exceeded ? and all other kind of ICMP which are ESSENTIAL to run the Internet correctly !?!?
IMHO, this is not acceptable.
Pascal
On Feb 1, 2007, at 2:45 AM, Pascal Gloor wrote:
A few customers complaining ... Sunrise filtering ICMP ? ...
You should think before filtering all this. Too much problems because of this.
Right. ermm...
What about other kind of ICMP ? do they filter any ICMP packet or just ICMP echo request/reply ? If they filter any ICMP packet they just break the rules, what about host unreachable ? MTU exceeded ? and all other kind of ICMP which are ESSENTIAL to run the Internet correctly !?!?
IMHO, this is not acceptable.
Perhaps they're doing this because of the recent Cisco ICMP vulnerabilities? Given that transit functions and even time-exceeded messages are still generated, one could argue that this is quite prudent?
-danny
A few customers complaining ... Sunrise filtering ICMP ?
Looks like that:
Sunrise Peer (sunrise) 195.141.190.109 Host Status: DOWN (Has been acknowledged) Status Information: CRITICAL - Plugin timed out after 10 seconds Last Status Check: 01-02-2007 10:47:52 Status Data Age: 0d 0h 2m 24s Last State Change: 31-01-2007 13:48:29 Current State Duration: 0d 21h 1m 47s
Mit freundlichen Grüssen
Benoit Panizzon
Yep, they applied filters... :-/
cheers, michel
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog- bounces@lists.swinog.ch] Im Auftrag von Nicolas Strina Gesendet: Donnerstag, 1. Februar 2007 10:37 An: swinog@swinog.ch Betreff: [swinog] Sunrise ICMP filtering ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
Hello,
A few customers complaining ... Sunrise filtering ICMP ?
radium.noc.ip-man.net (0.0.0.0)(tos=0x0 psize=64 bitpattern=0x00) Thu Feb 1 10:34:56 2007 Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings Host Loss% Snt Last Avg Best Wrst StDev
- vl64.ar01.gva254.ip-man.net
0.0% 4 1.0 0.9 0.7 1.0 0.1 2. ge4-2.ag01.gva05.ip-man.net 0.0% 4 1.6 1.4 1.2 1.6 0.2 3. ge0-3.cr01.gva05.ip-man.net 0.0% 4 1.9 1.8 1.4 1.9 0.2 4. ge-4-2-101.hsa2.Geneva1.Level3.net 0.0% 4 2.4 2.8 2.4 3.0 0.3 5. ???
You should think before filtering all this. Too much problems because of this.
Regards,
Nicolas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQFFwbS8hVupqbmzoscRA9BDAJ9yHpm7WkUqvqKSSIkA/uw9ye5iigCfUryI VV4sS+8Fpr2sPjuuJxVC14M= =35IF -----END PGP SIGNATURE----- _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
-
Benoit Panizzon -
Danny McPherson -
Michel Renfer -
Nicolas Strina -
Pascal Gloor