From owner-freebsd-questions@FreeBSD.ORG Fri Oct 31 10:18:40 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80AAF16A4CE for ; Fri, 31 Oct 2003 10:18:40 -0800 (PST) Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id DCF5343FAF for ; Fri, 31 Oct 2003 10:18:37 -0800 (PST) (envelope-from shovey@buffnet.net) Received: from buffnet5.buffnet.net (buffnet5.buffnet.net [205.246.19.14]) by buffnet4.buffnet.net (8.12.8/8.8.7) with ESMTP id h9VIIW9L047637; Fri, 31 Oct 2003 13:18:32 -0500 (EST) (envelope-from shovey@buffnet.net) Date: Fri, 31 Oct 2003 13:18:22 -0500 (EST) From: Steve Hovey To: Derek Zeanah In-Reply-To: <3FA2A6B3.3060908@zeanah.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: ICMP being blocked by ATT X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Oct 2003 18:18:40 -0000 Ive still got my traffic blocked for that reason - the second I drop the filter the pipes plug up.. On Fri, 31 Oct 2003, Derek Zeanah wrote: > > >I was chatting with our internet provider who gets their feed from ATT, > >he notified me that they are blocking all ICMP protocols. > >By gosh by golly, I can't ping, tracert, nothing... Is this new? > >Shall I complain? > > > > I'm not sure you'll be able to do much. > > You remember that last batch of Microsoft RPC worms? There was another > that followed it up, supposedly designed to "fix" the vulnerability, but > that's questionable. Anyway, this follow-up (called Welchia, among > other things) has a nasty habit of causing pingstorms. It wants to ping > the entire IP address space sequentially, from what I can tell, looking > for new hosts to try and infect. > > I've seen one infected machine consume so much bandwidth that no-one > else could access the T1, going through each IP sequentially... > > Anyway, my ISP (Megapath) shut off ICMP traffic temporarily to make the > network usable gain; now tracert's coming from outside the network > behave as advertized, but anything initiated within the network gets > stomped. AT&T is probably doing the same, and I doubt they'll change > anything until Welchia runs its course. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >