North American Network Operators Group


Re: ICMP unreachables, code 9,10,13

  • From: Bill Nash
  • Date: Wed Mar 28 19:13:26 2007

On Wed, 28 Mar 2007, Christos Papadopoulos wrote:

> My next question is about responses to ICMP pings (echo request),
> when they return ICMP UNREACHABLE with codes 9,10 or 13.
> 
> Responses with these codes seem to imply the presence of a firewall.
> Is this assumption correct or are these codes meaningless?
> 

They do have meaning, and you do see them in production (generally in 
traceroute responses). These can indicate the presence of either a 
firewall, or an ACL. Both traffic barriers are typically configurable, and 
whether or not you get a response is very often dictated by how hardcore 
the network engineer or security engineer is about giving up information 
about their network.

> If this is a configurable parameter, how do you typically decide what
> to set it to?

See previous comment about relative values of hardcore. Arguably, use of 
these options is telling the end user things about your network 
configuration, including, very specifically, which device is blocking 
their traffic. Depending on your security stance and requirements, this 
may be good or bad.

Personally, I simply drop the offending packets into the bitbucket and let 
the user wonder.

- billn
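As an added illustration (not part of this thread or anyone's posted code), a small parser that decodes the messages discussed above: it reads the code out of an ICMP Destination Unreachable and reports which device sent it and which flow it filtered, which is exactly the information a code 9/10/13 reply gives away. The sample packet is constructed inline with RFC 5737 documentation addresses and zeroed checksums; nothing here reflects any real network.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# ICMP Destination Unreachable (type 3) codes, RFC 792 / RFC 1812.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 3: "port unreachable",
                 9: "net administratively prohibited", 10: "host administratively prohibited",
                 13: "communication administratively prohibited"}
ADMIN_PROHIBITED = {9, 10, 13}   # codes that reveal a filtering router ACL or firewall

@dataclass
class Unreachable:
    reporter: str            # source of the ICMP message: the hop that did the filtering
    code: int
    reason: str
    admin_prohibited: bool
    orig_dst: str            # destination of the packet that was filtered
    orig_proto: int
    orig_dport: Optional[int]

def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_unreachable(pkt: bytes) -> Optional[Unreachable]:
    """Parse a raw IPv4 datagram; return details if it carries ICMP type 3, else None."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or pkt[ihl] != 3:             # not ICMP, or not Destination Unreachable
        return None
    code = pkt[ihl + 1]
    inner = pkt[ihl + 8:]                        # quoted original IP header + first 8 payload bytes
    inner_ihl = (inner[0] & 0x0F) * 4
    proto, dport = inner[9], None
    if proto in (6, 17) and len(inner) >= inner_ihl + 4:   # TCP/UDP ports sit in those 8 bytes
        dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return Unreachable(dotted(pkt[12:16]), code, UNREACH_CODES.get(code, "other"),
                       code in ADMIN_PROHIBITED, dotted(inner[16:20]), proto, dport)

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header for the constructed sample (no options, checksum zeroed)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       addr(src), addr(dst))

def sample_code13() -> bytes:
    """Constructed sample (RFC 5737 addresses): router 192.0.2.1 reports that it filtered
    a TCP SYN from 198.51.100.7 to 203.0.113.5 port 22 with code 13."""
    original = ipv4_header("198.51.100.7", "203.0.113.5", 6, 20) + struct.pack("!HHI", 40000, 22, 1)
    icmp = struct.pack("!BBHI", 3, 13, 0, 0) + original
    return ipv4_header("192.0.2.1", "198.51.100.7", 1, len(icmp)) + icmp
```

Feeding captured datagrams through `parse_unreachable` and counting distinct `reporter` values shows how many of your own filtering devices identify themselves to outsiders; a silent drop, as in the reply above, yields nothing to parse.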