 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Nanog | May-2008 | Next-Thread | Next-Msg |
| Subject: | Re: Microsoft.com PMTUD black hole? |
| Group: | Nanog |
| From: | Hank Nussbacher |
| Date: | 8 May 2008 |
> Nathan Anderson/FSR wrote:
>> Here is a brief update on the situation:
>>
>> I have been in contact with someone at Microsoft's service operations
>> center, who has confirmed for me that MS does in fact block _all_ ICMP
>> at the edge of their network, that they are aware that this will in fact
>> break PMTUD, and that they have no current plans to change this practice
>> which they have implemented in the interest of security.
>
> Although the need for your previous apology has already been questioned
> in this forum, the confirmation that they block not only certain ICMP
> types, but all ICMP, further vacates the need for any apology for
> criticizing this behavior in a pubic forum. It is disheartening for
> those of us who use and support MSFT's products to learn that their
> understanding of security lacks even the basic nuance to know not to
> block an entire--critical--portion of the Internet Protocol. Perhaps
> they should also block _all_ TCP and UDP as well, and then we can move on.
>
> I agree with Iljitsch that it happens frequently, but I think I am
> justified in expecting more than that from Microsoft. Anything less
> would be unprofessional.
I wonder if MS knows about:
ICMP Packet Filtering v1.2 from 2003:
http://www.cymru.com/Documents/icmp-messages.html
Only been around 5 years or so. Hopefully MS people reading this email
will take note, read the entire page and implement what everyone else has
been doing for a number of years.
-Hank
_______________________________________________
NANOG mailing list
NANOG
http://mailman.nanog.org/mailman/listinfo/nanog
| Prev-Msg | Prev-Thread | Nanog | May-2008 | Next-Thread | Next-Msg |