North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: operational: icmp echo out of control?
The problem here is that other types of probes raise IDS alarms on way too many networks - the next-best method is to probe HTTP ports, but we don't want to have to pull down thousands of web pages just to get performance stats. So, they send a SYN, wait for the ACK, record the latency and send a FIN. Sounds benign, but you'd be surprised how klaxons go off in response to this. -C > Perhaps most maddening is that ICMP echo/response hardly reflects > real-world performance. (At least I don't usually tunnel my > HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just > being weird again.) > > Attachment:
pgp00055.pgp
|