North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: operational: icmp echo out of control?

  • From: Chris Woodfield
  • Date: Tue May 28 13:10:44 2002

The problem here is that other types of probes raise IDS alarms on way too many 
networks - the next-best method is to probe HTTP ports, but we don't want to 
have to pull down thousands of web pages just to get performance stats. So, 
they send a SYN, wait for the ACK, record the latency and send a FIN. 
Sounds benign, but you'd be surprised how klaxons go off in response to this.

-C

> Perhaps most maddening is that ICMP echo/response hardly reflects
> real-world performance.  (At least I don't usually tunnel my
> HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just
> being weird again.)
> 
> 

Attachment: pgp00055.pgp
Description: PGP signature