icmp flooding, distributed ddos?

John Chambers jc at trillian.mit.edu
Thu Sep 4 15:15:11 EDT 2003


Jeff Kinz asks:
| Anyone seeing signs of a distributed icmp dos?

Well, I ran tcpdump and thought not,  but  then  I  noticed
that  my  firewall  wasn't  seeing  any replies except from
rcn.com addresses, which is our ISP.

So it looks like they've started blocking  ICMP.   This  is
something  new.   I  know  because  I usually have a little
"pinger" window running, a wish script that pings a list of
hosts  every  N  seconds  and  shows  me  a  summary of the
replies. This is real handy when you're working on a set of
machines  scattered  around  the Net.  It worked a few days
ago.  Now it says that all  but  our  home  and  the  ISP's
addresses are dead.

They started blocking both incoming  and  outgoing  TCP  to
port  25  a week or so back.  I've been thinking that maybe
it's time to get serious  about  finding  a  real  Internet
provider.

The ICMP blocking may well be in response  to  a  flood  of
ICMP packets.



--
c. Performance or Benchmark Testing.
   You may not disclose the results of any benchmark test using the Product to
   any third party without Microsoft's prior written approval.
-- from Microsoft's End User Licence Agreement


