Re: Ok to let all ICMP traffic through firewall?

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 09/25/05 

Date: Sun, 25 Sep 2005 18:33:25 GMT

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d9fb675753739dd98a11b@news-server.columbus.rr.com...
> In article <ewlZe.2885$3q4.1333@newsfe5-gui.ntli.net>, abuse@[127.0.0.1]
> says...
> > Actually, it's not that simple (I'll stress again that this is *my*
> > particular need, but not one that is particularly uncommon)
> >
> > My monitoring service is me, with either my phone or a laptop.
> >
> > I need to be able to connect from a variety of countries, and a (for my
> > purposes) essentially random series of ISPs and routing networks.
>
> Are you unable to connect via VPN of some form?

Correct.

And, in any case, any way of swooping into the DMZ is a much more
significant hole than allowing an ICMP Ping...

The network is generally stable (a daemon abend a year, if that), but is
hosted via what is officially a dynamic IP address.

Some ISPs seem to block access on a variety of ports. Ping can be dead
useful in those sort of situations... I managed to run the demo I needed (me
in US, machine in UK) by running through a different port (technically
hosting a different site, but running a near-enough software level to the
"proper" demo).

I doubt that I would have remembered that redirected site was there, but for
getting a positive Ping with a negative "Internet" response on ports 80 and
443. ISP-specific blocking as it turned out (broken in Dallas, fine in
Chicago)

H1K

Relevant Pages

  • Re: Ok to let all ICMP traffic through firewall?
    ... >> purposes) essentially random series of ISPs and routing networks. ... significant hole than allowing an ICMP Ping... ... Some ISPs seem to block access on a variety of ports. ... I doubt that I would have remembered that redirected site was there, ...
    (alt.computer.security)
  • Re: Ok to let all ICMP traffic through firewall?
    ... >> purposes) essentially random series of ISPs and routing networks. ... significant hole than allowing an ICMP Ping... ... Some ISPs seem to block access on a variety of ports. ... I doubt that I would have remembered that redirected site was there, ...
    (comp.security.firewalls)
  • ping: sendto: No buffer space available
    ... PING 10.1.1.1: 56 data bytes ... acpi0: on motherboard ... <ACPI PCI bus> on pcib0 ... 2 ports with 2 removable, ...
    (freebsd-stable)
  • Re: Is ISP blocking traffic? ADSL bridged modem - Linksys FEFW11s4 - SBS Standard
    ... But without Ping, how do I verify the static IP they gave me can be reached from the Internet? ... Is there any way to prove the ISP is blocking traffic, or have I screwed something up in the network configuration? ... I don't know this router. ... will have hammered on all the privileged ports and this ...
    (microsoft.public.windows.server.sbs)