ISP question [ was traceroute , pls ]

vu pham vu at sivell.com
Fri Oct 17 09:15:34 PDT 2008


David A. Bandel wrote:
> On Fri, Oct 17, 2008 at 9:10 AM, vu pham <vu at sivell.com> wrote:
>> Are the ISPs supposed to let the traceroute packets get thru ?
>>
>> I am on a server, which cannot traceroute all the way to the destination,
>> and I still be able to make the smtp connection to the destination.
>>
>> So I guess I cannot conclude about connections based only on the traceroute
>> path, is that correct ?
> 
> Correct.  There are a _lot_ of clueless admins out there.  Most are
> Windoze admins, but some find their way into other networking
> positions.  They are under the mistaken illusion that if they block
> things like ping (ICMP) and traceroute (in UNIX, udp, in Windoze
> ICMP), 

You make me remember the first time I learned about how traceroute works 
by using the TTL field. That's a nice invention, isn't it ?
It tooks almost 20 years since the Internet came into being to have such 
a simple but very useful tool like that.

that it will somehow make their network more secure.  In point
> of fact, it does nothing of the sort.  Those that are terrified of
> DDOS attacks and think this stops them know nothing about such
> attacks.  Having witnessed these attacks in progress, I can tell you
> that most of the measures ISPs or others take does nothing to stop or
> even slow the attacks, but does make life miserable for everyone else
> on the Internet.  But I don't think you can teach these idiots
> anything, so you'll just have to live with it.
> 
> As a note:  the ISP owns the network, not the clients.  They just get
> to use it.  My network, my rules.  It's good to be king.  OTOH, I only
> block M$ ports (42, 135, 137, 138, 139, 445, 1433, 1434).  I rate
> limit ICMP, expedite UDP, and ACK, and have a few other tricks.  But
> that's about it.  Can't speak for others.
> 
> 


Thanks,

Vu



More information about the Linux-users mailing list