North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Blocking Woes

  • From: Haesu
  • Date: Mon Sep 29 13:21:17 2003

<rant>
Providers blocking all ICMP = ignorant

I can't possibly stand any ISP's blocking _ALL_ ICMP (alas it is happening now, I already know 5 ISP's around my area who's doing this as I speak) for any reasons.

If you want to *cough*cough*mitigate*/cough*/cough* impact of so-called BLASTER, please please please for the love of god, just block echo/echo replies.

Not to mention blocking icmp will not help stop the propagation of the worm.

</rant>

-hc

-- 
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | [email protected]
Cell: (978)394-2867     | Office: (978)263-3399 Ext. 174
Fax: (978)263-0033      | POC: HAESU-ARIN

On Mon, Sep 29, 2003 at 09:43:14AM -0700, CA Windon wrote:
> 
> Dear NANOG-ers,
> 
> I work for an information security company that is
> dependant upon ICMP for network mapping purposes
> (read: traceroute).  On or about August 18, we were
> told, our upstream provider began blocking ICMP
> packets at its border in the Chicago NAP in an effort
> to cut down on the propagation of 'MSBlast'.  This has
> effected our ability to accurately map our customers
> networks.
> 
> We've been in contact with an engineer in this
> provider's NOC who is either unable or unwilling to
> remove this ACL for our block of IPs.
> 
> Currently, we've been given two options.  (1) Deal
> with the effect of the ACL until 'MSBlast' traffic
> subsides, or (2) they are willing to reroute our
> traffic out of the Chicago NAP to a border router
> that, they claim, does not have the same ACL.  The
> problem with option 2 is that they would force us to
> renumber.  This is a problem for us, as it would
> impact our customers as well.
> 
> What options can I take to my management that would
> cause the least impact to the services we provide
> while not causing undue work for our clients.  Also,
> what other options could I suggest to my upstream
> provider?
> 
> TIA,
> 
> C. Windon
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com