Wed Jul 29 18:09:35 AEST 2009

> > More accurately, traceroute, ping and a host of other network inspection
> > tools use ICMP packets. And it is often a subset of ICMP that is blocked.
> ping uses ICMP.  Traceroute can use a number of things but the default
> is UDP.

Well, yes and no. (Mainly no).

"Standard" traceroute _sends_ UDP packets, but it relies on the intermediate
hosts sending back ICMP time-exceeded-in-transit messages, and the
destination host sending back an ICMP Port Unreachable message in order to
actually function.

Some versions of traceroute (e.g., Windows tracert) send ICMP ping packets by
default, and expect similar messages to the above back.

> You can always use lft (layer four traceroute).  It can't be blocked
> in the same way.

But it still relies on ICMP packets being returned for the intermediate hop
detection, so it can still be blocked by blocking ICMP.

Of course, blocking many forms of ICMP is a bad idea for many reasons, but
that's for another thread...
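
The dependency described above, as an added example that is not part of the original post: UDP probes go out, but the hop list is built entirely from the ICMP errors that come back and the probe header they quote. The addresses, the source port and the helper names are constructed for illustration, and the base port 33434 is assumed to be the classic traceroute default.

```python
import struct

ICMP_TIME_EXCEEDED = 11   # code 0: TTL exceeded in transit (intermediate hop)
ICMP_DEST_UNREACH = 3     # code 3: port unreachable (destination reached)
BASE_PORT = 33434         # assumed default first destination port of the probes

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left 0; sample data only)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, addr(src), addr(dst))

def udp_probe(src, dst, dport, ttl):
    """The outgoing probe: a UDP datagram with a deliberately small TTL."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return ipv4_header(src, dst, 17, len(udp), ttl) + udp

def icmp_error(router, prober, icmp_type, code, original):
    """ICMP error quoting the offending IP header plus its first 8 payload bytes."""
    ihl = (original[0] & 0x0F) * 4
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:ihl + 8]
    return ipv4_header(router, prober, 1, len(icmp)) + icmp

def classify_reply(packet):
    """Return (kind, responder, probe_index) for one received IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:                        # only ICMP carries hop information
        return ("ignored", None, None)
    responder = ".".join(str(b) for b in packet[12:16])
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                 # quoted original datagram
    q_ihl = max(20, (quoted[0] & 0x0F) * 4) if quoted else 20
    if len(quoted) < q_ihl + 8 or quoted[9] != 17:
        return ("ignored", responder, None)   # does not quote a UDP probe
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    if icmp_type == ICMP_TIME_EXCEEDED and code == 0:
        kind = "hop"
    elif icmp_type == ICMP_DEST_UNREACH and code == 3:
        kind = "destination"
    else:
        kind = "other"
    return (kind, responder, dport - BASE_PORT)

# Constructed sample: first probe expires at a router, third probe reaches the target.
P1 = udp_probe("198.51.100.7", "203.0.113.9", BASE_PORT, ttl=1)
P3 = udp_probe("198.51.100.7", "203.0.113.9", BASE_PORT + 2, ttl=3)
REPLIES = [icmp_error("192.0.2.1", "198.51.100.7", 11, 0, P1),
           icmp_error("203.0.113.9", "198.51.100.7", 3, 3, P3)]
```

If a filter drops both ICMP messages, `classify_reply` never sees anything to report, which is why the UDP probes alone reveal nothing about the path.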


