measl@mfn.org wrote:
On Fri, 26 Oct 2001, Nick Thompson wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
/nick
This is getting a bit ridiculous. ping was created to test connectivity. And most of our jobs here include trying to improve performance of the internet in general. Is this not what DI is doing, albeit in an automagic way? Personally I find it annoying when some firewall administrator starts blocking icmp. First thing I do when I've got a new router up is ping yahoo.com. If a customer experiences connectivity issues... try pinging yahoo.com. That gives me somewhere to start. If Yahoo started blocking icmp, I'd imagine there'd be hordes of engineers kicking themselves, doing 'sh run' over and over looking for something wrong. Fine, block icmp on your network. Don't complain the first time a customer of mine can't get your site and I do absolutely nothing about it. Grant -- Grant A. Kirkwood - grant@virtical.net Chief Technology Officer - Virtical Solutions, Inc. http://www.virtical.net/