ICMP (was: Re: keys.gnupg.net - Refresh all public keys never completes in) Enigmail, some servers down?

Aaron Toponce aaron.toponce at gmail.com
Fri Aug 15 17:46:41 CEST 2014


On Thu, Aug 14, 2014 at 05:13:08PM +0100, OmegaPhil wrote:
> Fair point, although that would be a network misconfiguration as
> ping/ICMP is required for network troubleshooting, packet fragmentation
> stuff etc (for reference I'm testing from a dedicated line that I control).

Blocking ICMP is not a network misconfiguration at all. ICMP echo requests are
intentionally blocked to prevent a number of ICMP-related attacks:

    * ICMP floods
    * ICMP nukes
    * ICMP smurfs
    * ICMP "ping of death"

Also, most Cisco routers do not put priority on ICMP packets. It's very common
for Cisco to drop ICMP while processing other protocols on very busy networks.

The best way to troubleshoot a problem to a network server, is to use the
protocol you're having issues with, check BGP routes, ARP entries, DNS, etc.
While ping(1) is certainly a great tool to have, it should be only one of the
many tools in your network troubleshooting toolbox.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 502 bytes
Desc: not available
URL: </pipermail/attachments/20140815/ff6f3db6/attachment.sig>


More information about the Gnupg-users mailing list