North American Network Operators Group

Re: [NANOG] Microsoft.com PMTUD black hole?

  • From: Michael Sinatra
  • Date: Wed May 07 15:46:22 2008

Nathan Anderson/FSR wrote:
> Here is a brief update on the situation:
> 
> I have been in contact with someone at Microsoft's service operations 
> center, who has confirmed for me that MS does in fact block _all_ ICMP 
> at the edge of their network, that they are aware that this will in fact 
> break PMTUD, and that they have no current plans to change this practice 
> which they have implemented in the interest of security.

Although the need for your previous apology has already been questioned 
in this forum, the confirmation that they block not only certain ICMP 
types, but all ICMP, further vacates the need for any apology for 
criticizing this behavior in a public forum.  It is disheartening for 
those of us who use and support MSFT's products to learn that their 
understanding of security lacks even the basic nuance to know not to 
block an entire--critical--portion of the Internet Protocol.  Perhaps 
they should also block _all_ TCP and UDP as well, and then we can move on.

I agree with Iljitsch that it happens frequently, but I think I am 
justified in expecting more than that from Microsoft.  Anything less 
would be unprofessional.

*Speaking for myself only, of course!*

michael
