North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP unreachables, code 9,10,13

  • From: Roland Dobbins
  • Date: Wed Mar 28 19:26:36 2007
  • Authentication-results: sj-dkim-7; [email protected]; dkim=pass ( sig from verified; );
  • Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=609; t=1175123646; x=1175987646; c=relaxed/simple; s=sjdkim7002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;; [email protected]; z=From:=20Roland=20Dobbins=20<[email protected]> |Subject:=20Re=3A=20ICMP=20unreachables,=20code=209,10,13 |Sender:=20; bh=VAhN6XEimiZxNzWC8AhlwcAnP0v1ZA6G8wXqwDMheF4=; b=cWHWcnkUY1Yl6YWJshhr3Ic0seWZl33dA7NKZmzo2qd/UyySKghfsq9J8fkvvqqKDkIhbeD+ fRws+MjK2/2lKAtjbyxO6q8XqioxgNSybzy1ior1z5gfX78BsfEWSBge;

On Mar 28, 2007, at 3:57 PM, Christos Papadopoulos wrote:

Responses with these codes seem to imply the presence of a firewall.
Is this assumption correct or are these codes meaningless?

Not just firewalls - ACLs on routers, too.

A common practice is to either turn off sending of unreachables or to at least rate-limit them to preserve CPU on the router.

Roland Dobbins <[email protected]> // 408.527.6376 voice

Words that come from a machine have no soul.

-- Duong Van Ngo