FWD: RE: FW: Getting hacked by Digital Isle?
Here is the official Digital Isle party line. The part that I like is "3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days." Several days? I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me. Regards, Christopher ---------- Original Message ---------------------------------- From: Sean Gleason <sgleason@digisle.net> Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT) Chris, We apologize for any inconvenience caused by pings (ICMP_ECHO packets) coming from our machines. Your server was being pinged as part of our real-time "network weather" mapping system called Best Distributor Selection. BDS is an essential part of Footprint, Digital Island's intelligent network service offering. It is used to optimize performance when your customers access the web resources of our customers. Many large web publishers, such as AOL, CNBC and Blue Mountain, use our Footprint service to speed up the delivery of their web content. Our system intelligently matches browsers to the servers on our Footprint network that will provide the best performance. The dynamic nature of routing and congestion on the Internet make it necessary for us to constantly update our maps. Our network was pinging your system because it appeared to be a name server with a sufficient number of resolution requests for our customer web sites to be placed on the list of network nodes to be constantly observed for Internet congestion. By pinging your name server, we can provide better quality of service to your users when they access the web sites of our expanding customer list. We hope you will consider granting us permission to continue pinging a name server in your domain. Sandpiper Networks merged with Digital Island in December 1999, which is why some of the machines pinging you were in digisle.net. At this point you can: 1) Do nothing. Please accept our apologies and be assured that your machines are not being pinged by a hostile party. 2) Tell us if there is an alternate name server in your IP address space that you would like us to ping. We will direct future ping traffic to it. 3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days. Regards, Sean Gleason Digital Island, Inc. On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
Hello, thank you for your response. Here are the source addresses.
IDS246/dos_dos-large-icmp ICMP 167.216.210.50:na 64.212.9.100:na ns1.bblabs.net 17:30 10-25 IDS246/dos_dos-large-icmp ICMP 198.30.3.4:na 64.212.9.100:na ns1.bblabs.net 17:29 10-25 IDS246/dos_dos-large-icmp ICMP 24.30.1.7:na 64.212.9.100:na ns1.bblabs.net 17:27 10-25 IDS246/dos_dos-large-icmp ICMP 212.177.57.41:na 64.212.9.100:na ns1.bblabs.net 17:27 10-25 IDS118/scan_Traceroute ICMP ICMP 216.200.14.119:na 64.212.9.100:na ns1.bblabs.net 17:27 10-25 IDS118/scan_Traceroute ICMP ICMP 216.32.118.78:na 64.212.9.100:na ns1.bblabs.net 17:27 10-25 IDS118/scan_Traceroute ICMP ICMP 207.46.144.74:na 64.212.9.100:na ns1.bblabs.net 17:27 10-25 IDS118/scan_Traceroute ICMP ICMP 208.148.96.52:na 64.212.9.100:na ns1.bblabs.net 17:26 10-25 IDS246/dos_dos-large-icmp ICMP 212.157.128.115:na 64.212.9.100:na ns1.bblabs.net 17:26 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:25 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:25 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:25 10-25 IDS246/dos_dos-large-icmp ICMP 216.235.98.98:na 64.212.9.100:na ns1.bblabs.net 17:25 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:24 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:24 10-25 IDS171/icmp_ping zeros ICMP 139.95.253.3:na 64.212.9.100:na ns1.bblabs.net 17:24 10-25 IDS246/dos_dos-large-icmp ICMP 216.117.43.196:na 64.212.9.100:na ns1.bblabs.net 17:24 10-25 IDS246/dos_dos-large-icmp ICMP 216.206.190.125:na 64.212.9.100:na ns1.bblabs.net 17:23 10-25 IDS246/dos_dos-large-icmp ICMP 213.174.86.3:na 64.212.9.100:na ns1.bblabs.net 17:22 10-25 IDS246/dos_dos-large-icmp ICMP 208.174.0.131:na 64.212.9.100:na ns1.bblabs.net 17:22 10-25 IDS118/scan_Traceroute ICMP ICMP 216.200.14.119:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS118/scan_Traceroute ICMP ICMP 216.32.118.78:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS118/scan_Traceroute ICMP ICMP 207.46.144.74:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS118/scan_Traceroute ICMP ICMP 208.148.96.52:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS246/dos_dos-large-icmp ICMP 64.56.69.38:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS246/dos_dos-large-icmp ICMP 213.174.86.3:na 64.212.9.100:na ns1.bblabs.net 17:19 10-25 IDS246/dos_dos-large-icmp ICMP 208.172.32.131:na 64.212.9.100:na ns1.bblabs.net 17:18 10-25 IDS246/dos_dos-large-icmp ICMP 200.52.171.211:na 64.212.9.100:na ns1.bblabs.net 17:18 10-25 IDS246/dos_dos-large-icmp ICMP 206.24.208.131:na 64.212.9.100:na ns1.bblabs.net 17:18 10-25 IDS246/dos_dos-large-icmp ICMP 216.44.45.4:na 64.212.9.100:na ns1.bblabs.net 17:18 10-25 IDS246/dos_dos-large-icmp ICMP 157.238.44.132:na 64.212.9.100:na ns1.bblabs.net 17:14 10-25 IDS246/dos_dos-large-icmp ICMP 148.122.172.38:na 64.212.9.100:na ns1.bblabs.net 17:14 10-25 IDS246/dos_dos-large-icmp ICMP 212.155.204.88:na 64.212.9.100:na ns1.bblabs.net 17:13 10-25 IDS246/dos_dos-large-icmp ICMP 209.240.197.84:na 64.212.9.100:na ns1.bblabs.net 17:13 10-25 IDS118/scan_Traceroute ICMP ICMP 64.242.62.92:na 64.212.9.100:na ns1.bblabs.net 17:13 10-25 IDS246/dos_dos-large-icmp ICMP 65.32.4.170:na 64.212.9.100:na ns1.bblabs.net 17:13 10-25 IDS118/scan_Traceroute ICMP ICMP 216.200.14.119:na 64.212.9.100:na ns1.bblabs.net 17:10 10-25 IDS118/scan_Traceroute ICMP ICMP 216.32.118.78:na 64.212.9.100:na ns1.bblabs.net 17:10 10-25 IDS118/scan_Traceroute ICMP ICMP 207.46.144.74:na 64.212.9.100:na ns1.bblabs.net 17:10 10-25 IDS118/scan_Traceroute ICMP ICMP 208.148.96.52:na 64.212.9.100:na ns1.bblabs.net 17:10 10-25 IDS246/dos_dos-large-icmp ICMP 209.240.77.196:na 64.212.9.100:na ns1.bblabs.net 17:09 10-25 IDS246/dos_dos-large-icmp ICMP 207.189.78.249:na 64.212.9.100:na ns1.bblabs.net 17:08 10-25 IDS246/dos_dos-large-icmp ICMP 167.216.150.53:na 64.212.9.100:na ns1.bblabs.net 17:08 10-25 IDS246/dos_dos-large-icmp ICMP 64.78.164.100:na 64.212.9.100:na ns1.bblabs.net 17:07 10-25 IDS118/scan_Traceroute ICMP ICMP 204.201.228.130:na 64.212.9.100:na ns1.bblabs.net 17:06 10-25 IDS171/icmp_ping zeros ICMP 163.181.249.3:na 64.212.9.100:na ns1.bblabs.net 17:06 10-25 IDS171/icmp_ping zeros ICMP 163.181.249.3:na 64.212.9.100:na ns1.bblabs.net 17:06 10-25 IDS171/icmp_ping zeros ICMP 163.181.249.3:na 64.212.9.100:na ns1.bblabs.net 17:06 10-25 IDS246/dos_dos-large-icmp ICMP 207.230.26.4:na 64.212.9.100:na ns1.bblabs.net 17:05 10-25 IDS246/dos_dos-large-icmp ICMP 216.206.179.5:na 64.212.9.100:na ns1.bblabs.net 17:05 10-25 IDS246/dos_dos-large-icmp ICMP 167.216.218.245:na 64.212.9.100:na ns1.bblabs.net 17:04 10-25 IDS246/dos_dos-large-icmp ICMP 167.216.216.117:na 64.212.9.100:na ns1.bblabs.net 17:03 10-25 IDS118/scan_Traceroute ICMP ICMP 198.31.3.44:na 64.212.9.100:na ns1.bblabs.net 17:01 10-25 IDS246/dos_dos-large-icmp ICMP 167.216.133.82:na 64.212.9.100:na ns1.bblabs.net 16:59 10-25 IDS118/scan_Traceroute ICMP ICMP 24.130.30.75:na 64.212.9.100:na ns1.bblabs.net 16:58 10-25 IDS246/dos_dos-large-icmp ICMP 64.232.139.108:na 64.212.9.100:na ns1.bblabs.net 16:57 10-25 IDS171/icmp_ping zeros ICMP 64.92.138.196:na 64.212.9.100:na ns1.bblabs.net 16:57 10-25 IDS171/icmp_ping zeros ICMP 64.92.138.196:na 64.212.9.100:na ns1.bblabs.net 16:57 10-25 IDS171/icmp_ping zeros ICMP 64.92.138.196:na 64.212.9.100:na ns1.bblabs.net 16:57 10-25 IDS246/dos_dos-large-icmp ICMP 64.78.164.100:na 64.212.9.100:na ns1.bblabs.net 16:57 10-25 -----Original Message----- From: Sean Gleason [mailto:sgleason@digisle.net] Sent: Thursday, October 25, 2001 4:44 PM To: Christopher J. Wolff Cc: noc-team@digisle.net Subject: Re: FW: Getting hacked by Digital Isle?
Could you provide me an IP address so we can investigate further.
Sean Gleason ---- Digital Island
On Thu, 25 Oct 2001, Christopher J. Wolff wrote:
I just received a log from my IDS claiming the following attack is taking place from your network. If this is true what are you doing and why are
you
ICMP flooding my primary name server.
Log entry:
mailto:abuse@digisle.com for questions This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring performed by Digital Island Inc. It is not an attack. If you have questions please contact
abuse@digisle.com...........................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
...............................................
Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com email:chris@bblabs.com phone:520.622.4338 x234
On Thu, 25 Oct 2001, Christopher Wolff wrote:
---------- Original Message ---------------------------------- From: Sean Gleason <sgleason@digisle.net> Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT)
At this point you can:
1) Do nothing. Please accept our apologies and be assured that your machines are not being pinged by a hostile party.
Hostile is a matter of definition. For some of us, these would be another in the category of 'false positive' events that LOTs of us look at by hand. I may be nitpicking here, but every security/network person who takes time out of their schedule to analyze and dig into this 'test', is having their time wasted. And the several days time frame is just poor judgement. t
They should just implement it via a cgi on their webpage where you can disable by your IP or some netblocks. The other thing to do is to just rate-limit icmp and know that their stats will be off/incorrect. btw, 3 days does give them sufficent time to respond assuming you were to send them something after COB on friday to respond by monday. The encoding of the abuse info is better than those old +++ATH packets. - Jared On Thu, Oct 25, 2001 at 09:07:32PM -0700, Todd Suiter wrote:
On Thu, 25 Oct 2001, Christopher Wolff wrote:
---------- Original Message ---------------------------------- From: Sean Gleason <sgleason@digisle.net> Date: Fri, 26 Oct 2001 01:02:21 +0000 (GMT)
At this point you can:
1) Do nothing. Please accept our apologies and be assured that your machines are not being pinged by a hostile party.
Hostile is a matter of definition. For some of us, these would be another in the category of 'false positive' events that LOTs of us look at by hand. I may be nitpicking here, but every security/network person who takes time out of their schedule to analyze and dig into this 'test', is having their time wasted. And the several days time frame is just poor judgement.
t
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Thu, 25 Oct 2001, Christopher Wolff wrote:
Here is the official Digital Isle party line. The part that I like is
"3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days."
Several days? I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me.
Sure. On that same note, I'm sending you a bill for having to read this pointless thread. 400 packets. I could understand your gripe if you were personally hand-delivering packets via camel, but come on. If it bothers you, block it. Stop whining. Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :) /nick On Fri, 26 Oct 2001, Andy Dills wrote:
On Thu, 25 Oct 2001, Christopher Wolff wrote:
Here is the official Digital Isle party line. The part that I like is
"3) Respond to this message requesting we stop pinging your server. In this event our pinging will cease in several days."
Several days? I'm wondering if I can send a bill to Digital Isle for beta testing their product on my time and bandwidth without even asking me.
Sure. On that same note, I'm sending you a bill for having to read this pointless thread.
400 packets. I could understand your gripe if you were personally hand-delivering packets via camel, but come on. If it bothers you, block it. Stop whining.
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
Works wonders for breaking PMTUD, etc, too. Simon -- Simon Lockhart | Tel: +44 (0)1737 839676 Internet Engineering Manager | Fax: +44 (0)1737 839516 BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
At 11:33 AM 10/26/2001, Simon Lockhart wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
Works wonders for breaking PMTUD, etc, too.
Not to mention annoying dialup, DSL and dedicated customers when they can't do their own traceroutes, etc.
Well, we're a totally wireless ISP, and we have a small dialup pool for our wireless customers to use. We get random complaints as far as not being able to do traceroutes, but they're few and far between. The complaints usually come from a local computer company helping out one of our customers, where instead of connecting to port 25 of their mailserver to see if it's listening, they try and do a traceroute, heh. /nick On Fri, 26 Oct 2001, Dave Stewart wrote:
At 11:33 AM 10/26/2001, Simon Lockhart wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
Works wonders for breaking PMTUD, etc, too.
Not to mention annoying dialup, DSL and dedicated customers when they can't do their own traceroutes, etc.
On Fri, 26 Oct 2001, Nick Thompson wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
/nick
Not *all* ICMP is bad you know. For example, I can see prohibiting redirects coming in, but what about going _out_? In the real world, no "blanket acl" is likely to prove both effective *and* useable simultaneously. -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
measl@mfn.org wrote:
On Fri, 26 Oct 2001, Nick Thompson wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
/nick
This is getting a bit ridiculous. ping was created to test connectivity. And most of our jobs here include trying to improve performance of the internet in general. Is this not what DI is doing, albeit in an automagic way? Personally I find it annoying when some firewall administrator starts blocking icmp. First thing I do when I've got a new router up is ping yahoo.com. If a customer experiences connectivity issues... try pinging yahoo.com. That gives me somewhere to start. If Yahoo started blocking icmp, I'd imagine there'd be hordes of engineers kicking themselves, doing 'sh run' over and over looking for something wrong. Fine, block icmp on your network. Don't complain the first time a customer of mine can't get your site and I do absolutely nothing about it. Grant -- Grant A. Kirkwood - grant@virtical.net Chief Technology Officer - Virtical Solutions, Inc. http://www.virtical.net/
On Fri, 26 Oct 2001, Grant A. Kirkwood wrote:
Date: Fri, 26 Oct 2001 09:39:28 -0700 From: Grant A. Kirkwood <grant@virtical.net> To: measl@mfn.org Cc: Nick Thompson <nick@ipark.com>, Andy Dills <andy@xecu.net>, Christopher Wolff <chris@bblabs.com>, nanog@merit.edu Subject: Re: FWD: RE: FW: Getting hacked by Digital Isle?
measl@mfn.org wrote:
On Fri, 26 Oct 2001, Nick Thompson wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
/nick
This is getting a bit ridiculous.
You seem to have attributed the above nonsense about blocking all ICMP to _me_, when in fact I was replying to it and attempting to point out how inane this practice was. Please be more careful in your editing. -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
At 09:39 AM 10/26/2001 -0700, Grant A. Kirkwood wrote:
Personally I find it annoying when some firewall administrator starts blocking icmp. First thing I do when I've got a new router up is ping yahoo.com. If a customer experiences connectivity issues... try pinging yahoo.com. That gives me somewhere to start.
It is interesting to note that Yahoo! presented @ NANOG a couple days ago they were getting XX Mbps (15? I forget) of ICMP traffic. They mentioned they could use this data in a decision whether to considering limiting ICMP (without actually saying they were considering limiting ICMP). Yahoo! has been relatively good to the Internet community, and making them pay for random tests seems to be a bit less than polite, IMHO. Perhaps we should pick something else to ping, something that is relatively ubiquitous, something that everyone knows, something that should be up all the time, something that has good connectivity, something that everyone here would not mind sending random packets for random reasons .... Yes, I think we all came to the same conclusion. From now on, everyone should ping www.microsoft.com to test connectivity. :)
If Yahoo started blocking icmp, I'd imagine there'd be hordes of engineers kicking themselves, doing 'sh run' over and over looking for something wrong.
Personally, I would ping my upstream and/or some other location on the 'Net if XXX did not respond before I did "sho run". But that's me. :)
Grant
-- TTFN, patrick
On Fri, Oct 26, 2001 at 04:37:53PM -0400, Patrick W. Gilmore wrote:
Perhaps we should pick something else to ping, something that is relatively ubiquitous, something that everyone knows, something that should be up all the time, something that has good connectivity, something that everyone here would not mind sending random packets for random reasons ....
Is there an Akamai hostname we can ping which would get a response from the closest cache? Or do we have to let you know in advance that we'll be doing this? Adi
At 01:50 PM 10/26/2001 -0700, R.P. Aditya wrote:
Is there an Akamai hostname we can ping which would get a response from the closest cache? Or do we have to let you know in advance that we'll be doing this?
Hrmmm.... Now that is a loaded question. Allow me to ignore the question and mention one of the kewl ways Akamai optimizes traffic. When you resolve an Akamaized hostname, the magical Akamai domain name system will magically respond with the IP addresses of at least two "optimal" Akamai servers. (They might not be "closest" because Akamai also takes into account things like server load, but they usually will be close - network wise.) This is frequently a server in the same ISP as the end user, especially in the US. So, while you can do a dig on an Akamai hostname to get the IP address, also doing things like ping, or HTTP GETs, require you to resolve the hostname and go through the same resolution process. (Akamai cannot tell if you are doing an HTTP get, or a ping, or an FTP, or what when you do the resolution.) In almost all cases, to use Akamai's service (i.e. be a customer), you need to have one or more Akamai hostnames associated with your web page, streaming server, etc. in some way. Back to your question, as for permission, I am not the correct person to answer that question. However, they are public web servers, and they are designed to let anyone do HTTP downloads of the web content on them, so I know that is allowed. Thank you for your interest in Akamai. :)
Adi
-- TTFN, patrick P.S. What's wrong with pinging MS? :p P.P.S. Akamai uses its own products (hint-hint-dig-www-akamai-com-hint).
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Patrick W. Gilmore Sent: October 26, 2001 4:38 PM To: nanog@merit.edu Subject: Pinging Yahoo! (WAS: Getting hacked by Digital Isle?)
Yes, I think we all came to the same conclusion. From now on, everyone should ping www.microsoft.com to test connectivity. :)
They outsmarted us already in Redmond, sadly. vivienm@quartz:~$ ping -s www.microsoft.com PING www.microsoft.com: 56 data bytes ^C ----www.microsoft.com PING Statistics---- 19 packets transmitted, 0 packets received, 100% packet loss There are a few other organizations that fit your criteria, though, methinks... some of whom allow ICMP just fine and provide things that are slightly more vital than microsoft.com :) Vivien -- Vivien M. vivienm@dyndns.org Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
On Fri, 26 Oct 2001, Vivien M. wrote:
Yes, I think we all came to the same conclusion. From now on, everyone should ping www.microsoft.com to test connectivity. :)
They outsmarted us already in Redmond, sadly. vivienm@quartz:~$ ping -s www.microsoft.com PING www.microsoft.com: 56 data bytes ^C ----www.microsoft.com PING Statistics---- 19 packets transmitted, 0 packets received, 100% packet loss
There are a few other organizations that fit your criteria, though, methinks... some of whom allow ICMP just fine and provide things that are slightly more vital than microsoft.com :)
What's below doesn't quite fit the 'vital' criteria, but... 6:08:57pm|melange@pi:/home/melange> ping -c 1 www.riaa.org PING www.riaa.org (208.225.90.120): 56 data bytes 64 bytes from 208.225.90.120: icmp_seq=0 ttl=111 time=29.475 ms --- www.riaa.org ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 29.475/29.475/29.475/0.000 ms 6:09:06pm|melange@pi:/home/melange> -- Bob <melange@yip.org> | We're all wrong.
On Fri, 26 Oct 2001, Patrick W. Gilmore wrote:
Yes, I think we all came to the same conclusion. From now on, everyone should ping www.microsoft.com to test connectivity. :) Unfortunately, pings to microsoft.com have been blocked for last year or so. Except for short interval when their load-balancer puked and I was getting 30+ return packets for each sent one...
-alex
It is interesting to note that Yahoo! presented @ NANOG a couple days ago they were getting XX Mbps (15? I forget) of ICMP traffic. They mentioned they could use this data in a decision whether to considering limiting ICMP (without actually saying they were considering limiting ICMP).
Ok.. I'm guilty of this as well, in fact my 'network watcher' sent a single ping to www.yahoo.com every 15 minutes until your post. I just turned it off. Now, here's a real issue, many of us probably have similiar systems that ping upstream connections and page/alert/log when there are problems. My 'watcher' could also grab a web page (checking port 80) or do other tests, but I have always assumed that the ping was the least amount of traffic easily and reliably sent to check connectivity. Whats the best way to monitor upstream connectivity for this purpose?
Works wonders at getting you listed at rfc-ignorant.org? matto On Fri, 26 Oct 2001, Nick Thompson wrote: Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :) /nick --mghali@snark.net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
participants (16)
-
Alex Pilosov
-
Andy Dills
-
Bob K
-
Christopher Wolff
-
Dave Stewart
-
Grant A. Kirkwood
-
Jared Mauch
-
just me
-
measl@mfn.org
-
mike harrison
-
Nick Thompson
-
Patrick W. Gilmore
-
R.P. Aditya
-
Simon Lockhart
-
Todd Suiter
-
Vivien M.