Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Charter: ICMP being blocked?



Welchia and some or the related worms blast huge holes in networks with ping
scans.  They scan whole class Bs at amazing rates.  They will easily take
down monster core switches with just a few infected machines.  CPU goes
through the roof and buffers overfill.

If you can get around losing have your network management software, it is
survivable by shutting off ICMP.  Patch maint should have had higher
priority, but an ISP doesn't have much control over that.

MEG

> -----Original Message-----
> From: discuss-admin at blu.org [mailto:discuss-admin at blu.org]On Behalf Of
> Bob George
> Sent: Thursday, September 25, 2003 2:52 PM
> To: BLU Discussion List
> Subject: Charter: ICMP being blocked?
>
>
> I moved to the area back in July, and have been very happy with
> Charter's high-speed Internet offering. The speed's lower for the cost
> than what I've used previously (Cox in Phoenix), but there
> were no nasty
> surprises -- until this week.
>
> We had a brief power outage while I was at work. I tried doing a
> traceroute and ping to my system from the office, and noted that there
> were no responses from within Charter's network (specifically, nothing
> after att.net).
>
> On returning home, I verified I had a solid cable light on the modem,
> and powered on my system (Debian 3.0) . On boot, I was assigned a DHCP
> address, but I could not ping my default gateway, nor any known host
> either by name or IP address. I spent some time on the phone with
> Charter support, but other than confirming that they too couldn't ping
> my gateway address, the tech only suggested that I wait a while.
>
> Curious as to why I would get a dhcp lease but not be able to
> get out, I
> fired up tcpdump and was puzzled to see my system happily making DNS
> queries and resolving addresses. I then tried a browser, and
> was able to
> access the 'net normally otherwise.
>
> Everything is working, including games played via NAT'ed internal
> systems. I can establish connections from outside to my
> system on known
> ports that aren't normally blocked. But I can not ping or
> traceroute out
> or in.
>
> I'm wondering if Charter has begun filtering ICMP traffic to/from
> subscriber addresses as some sort of DoS countermeasure? Or is this
> simply a "feature" that I'm experiencing? It's an interesting security
> enhancement, but it does deprive me of some useful
> troubleshooting tools
> (as well as their tech support).
>
> Is anybody else experiencing similar problems?
>
> Thanks all,
>
> - Bob
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org