PING

Martin Mačok martin.macok at underground.cz
Tue Nov 14 22:26:54 CET 2000 

On Tue, Nov 14, 2000 at 09:14:33PM +0100, Miroslav Petricek wrote:
> Mam pocit, ze filtrovani ICMP ping paketu je poruseni nejakeho RFC
> (nejsem ale schopen v tehle chvili citovat). I kdyz, pokud se jedna
> o MS proxy, tak by me to ani tolik neprekvapilo.

Filtrovani (zahazovani) ICMP paketu primo zadne RFC neporusuje.

Sice by se mohlo zdat, ze filtrovani ICMP porusuje:

RFC 792:        INTERNET CONTROL MESSAGE PROTOCOL
[snip]
   ICMP is actually an integral part of IP, and
   must be implemented by every IP module.
[snip]
      The data received in the echo message must be returned in the echo
      reply message.
[snip]

a taktez
RFC 2463:
               Internet Control Message Protocol (ICMPv6)
               for the Internet Protocol Version 6 (IPv6)
[snip]
   ICMPv6 is an integral part of
   IPv6 and MUST be fully implemented by every IPv6 node.
[snip]
   Every node MUST implement an ICMPv6 Echo responder function that
   receives Echo Requests and sends corresponding Echo Replies.  A node
   SHOULD also implement an application-layer interface for sending Echo
   Requests and receiving Echo Replies, for diagnostic purposes.
[snip]

Jenze zde se mluvi u 'must implement', ale ne primo o 'must do' ...
o cemz se spise mluvi v:

RFC 1812:       Requirements for IP Version 4 Routers
[snip]
   The Echo server function MAY choose not to respond to ICMP echo
   requests addressed to IP broadcast or IP multicast addresses.

   A router SHOULD have a configuration option that, if enabled, causes
   the router to silently ignore all ICMP echo requests; if provided,
   this option MUST default to allowing responses.
[snip]

Kazdopadne, az se nejaky chytrak rozhodne, ze z 'bezpecnostnich' duvodu
protokol ICMP zakaze, mel by si precist (a hlavne porozumet) napr.:

http://www.worldgate.com/~marcs/mtu/

bye

P.S. Nicmene je pravda, ze produkty MS na RFC kaslou, jak to jen jde...

-- 
< Martin Mačok    .-=  martin.macok at underground.cz  =-.   < iso-8859-2 > 
  \\. http://kocour.ms.mff.cuni.cz/~macok/  http://underground.cz/ .//
    \\\..         `-=    t.r.u.s.t   n.0  o.n.e     =-'        ..///
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.felk.cvut.cz/pipermail/net/attachments/20001114/9cadcd1f/attachment.bin

More information about the net mailing list