North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ICMP Blocking Woes
<rant> Providers blocking all ICMP = ignorant I can't possibly stand any ISP's blocking _ALL_ ICMP (alas it is happening now, I already know 5 ISP's around my area who's doing this as I speak) for any reasons. If you want to *cough*cough*mitigate*/cough*/cough* impact of so-called BLASTER, please please please for the love of god, just block echo/echo replies. Not to mention blocking icmp will not help stop the propagation of the worm. </rant> -hc -- Haesu C. TowardEX Technologies, Inc. Consulting, colocation, web hosting, network design and implementation http://www.towardex.com | [email protected] Cell: (978)394-2867 | Office: (978)263-3399 Ext. 174 Fax: (978)263-0033 | POC: HAESU-ARIN On Mon, Sep 29, 2003 at 09:43:14AM -0700, CA Windon wrote: > > Dear NANOG-ers, > > I work for an information security company that is > dependant upon ICMP for network mapping purposes > (read: traceroute). On or about August 18, we were > told, our upstream provider began blocking ICMP > packets at its border in the Chicago NAP in an effort > to cut down on the propagation of 'MSBlast'. This has > effected our ability to accurately map our customers > networks. > > We've been in contact with an engineer in this > provider's NOC who is either unable or unwilling to > remove this ACL for our block of IPs. > > Currently, we've been given two options. (1) Deal > with the effect of the ACL until 'MSBlast' traffic > subsides, or (2) they are willing to reroute our > traffic out of the Chicago NAP to a border router > that, they claim, does not have the same ACL. The > problem with option 2 is that they would force us to > renumber. This is a problem for us, as it would > impact our customers as well. > > What options can I take to my management that would > cause the least impact to the services we provide > while not causing undue work for our clients. Also, > what other options could I suggest to my upstream > provider? > > TIA, > > C. Windon > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search > http://shopping.yahoo.com
|