Date: Fri, 31 Oct 2003 13:15:15 -0500 From: Derek Zeanah <derek@zeanah.com> To: Aaron Sloan <security@adtu.org>, freebsd-questions@freebsd.org Subject: Re: ICMP being blocked by ATT Message-ID: <3FA2A6B3.3060908@zeanah.com> In-Reply-To: <00bb01c39f0a$28392970$d3a8a8c0@barney> References: <00bb01c39f0a$28392970$d3a8a8c0@barney>
next in thread | previous in thread | raw e-mail | index | archive | help
>I was chatting with our internet provider who gets their feed from ATT, >he notified me that they are blocking all ICMP protocols. >By gosh by golly, I can't ping, tracert, nothing... Is this new? >Shall I complain? > I'm not sure you'll be able to do much. You remember that last batch of Microsoft RPC worms? There was another that followed it up, supposedly designed to "fix" the vulnerability, but that's questionable. Anyway, this follow-up (called Welchia, among other things) has a nasty habit of causing pingstorms. It wants to ping the entire IP address space sequentially, from what I can tell, looking for new hosts to try and infect. I've seen one infected machine consume so much bandwidth that no-one else could access the T1, going through each IP sequentially... Anyway, my ISP (Megapath) shut off ICMP traffic temporarily to make the network usable gain; now tracert's coming from outside the network behave as advertized, but anything initiated within the network gets stomped. AT&T is probably doing the same, and I doubt they'll change anything until Welchia runs its course.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA2A6B3.3060908>