ISP question [ was traceroute , pls ]
vu pham
vu at sivell.com
Fri Oct 17 09:15:34 PDT 2008
David A. Bandel wrote:
> On Fri, Oct 17, 2008 at 9:10 AM, vu pham <vu at sivell.com> wrote:
>> Are the ISPs supposed to let the traceroute packets get thru ?
>>
>> I am on a server, which cannot traceroute all the way to the destination,
>> and I am still able to make the smtp connection to the destination.
>>
>> So I guess I cannot conclude about connections based only on the traceroute
>> path, is that correct ?
>
> Correct. There are a _lot_ of clueless admins out there. Most are
> Windoze admins, but some find their way into other networking
> positions. They are under the mistaken illusion that if they block
> things like ping (ICMP) and traceroute (in UNIX, udp, in Windoze
> ICMP),
You make me remember the first time I learned about how traceroute works
by using the TTL field. That's a nice invention, isn't it ?
It took almost 20 years since the Internet came into being to have such
a simple but very useful tool like that.
> that it will somehow make their network more secure. In point
> of fact, it does nothing of the sort. Those that are terrified of
> DDOS attacks and think this stops them know nothing about such
> attacks. Having witnessed these attacks in progress, I can tell you
> that most of the measures ISPs or others take do nothing to stop or
> even slow the attacks, but do make life miserable for everyone else
> on the Internet. But I don't think you can teach these idiots
> anything, so you'll just have to live with it.
>
> As a note: the ISP owns the network, not the clients. They just get
> to use it. My network, my rules. It's good to be king. OTOH, I only
> block M$ ports (42, 135, 137, 138, 139, 445, 1433, 1434). I rate
> limit ICMP, expedite UDP, and ACK, and have a few other tricks. But
> that's about it. Can't speak for others.
>
>
Thanks,
Vu