ISP question [ was traceroute , pls ]
David A. Bandel
david.bandel at gmail.com
Fri Oct 17 08:15:51 PDT 2008
On Fri, Oct 17, 2008 at 9:10 AM, vu pham <vu at sivell.com> wrote:
> Are the ISPs supposed to let the traceroute packets get thru ?
>
> I am on a server, which cannot traceroute all the way to the destination,
> and I still be able to make the smtp connection to the destination.
>
> So I guess I cannot conclude about connections based only on the traceroute
> path, is that correct ?
Correct. There are a _lot_ of clueless admins out there. Most are
Windoze admins, but some find their way into other networking
positions. They are under the mistaken illusion that if they block
things like ping (ICMP) and traceroute (in UNIX, udp, in Windoze
ICMP), that it will somehow make their network more secure. In point
of fact, it does nothing of the sort. Those that are terrified of
DDOS attacks and think this stops them know nothing about such
attacks. Having witnessed these attacks in progress, I can tell you
that most of the measures ISPs or others take does nothing to stop or
even slow the attacks, but does make life miserable for everyone else
on the Internet. But I don't think you can teach these idiots
anything, so you'll just have to live with it.
As a note: the ISP owns the network, not the clients. They just get
to use it. My network, my rules. It's good to be king. OTOH, I only
block M$ ports (42, 135, 137, 138, 139, 445, 1433, 1434). I rate
limit ICMP, expedite UDP, and ACK, and have a few other tricks. But
that's about it. Can't speak for others.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list