Ryan Malayter wrote: > The really funny thing is that ICMP echo wasn't the only vulnerable > part of the IP stack, just the easiest to test with. So firewalling > ICMP echo didn't really do much to protect against the vulnerability. > > This made many block all ICMP packets, of course severely breaking their communications in the process. (usually without noticing it immediately)
Asides from that, it is indeed quite common to get "administratively blocked" ICMP messages when you run an NTP server. Those are just ignorant users. They have set up an NTP client but have not allowed incoming NTP in their firewall. They don't notice that their clock is not being synced. 16.343508 134.76.209.123 -> 213.84.187.156 NTP NTP 16.343836 213.84.187.156 -> 134.76.209.123 NTP NTP 16.373556 134.76.249.205 -> 213.84.187.156 ICMP Destination unreachable (Communication administratively filtered) Rob _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
