
Re: ssh tunneling



On Mon, Aug 25, 2003 at 02:10:12PM -0700, Steve Lamb wrote:
| On Mon, 25 Aug 2003 13:51:37 -0500 "P. Kallakuri" <praveen@unlserve.unl.edu> wrote:

| > I cannot find what process is keeping them. I know that I disabled ICMP 
| > requests on my gateway, 
|
| Ungh.  Why?  Why disable ICMP?  I never figured that one out.
| Anything goes wrong with that line and you'll need to remember to
| turn it back on so as not to waste the tech's time.  "Uh, I can't
| ping your machine, are you sure it is plugged in?"  "Oh, wait, hold
| on, I turned off that diagnostic tool."

Disabling ICMP causes worse problems than the scenario Steve
described.  Suppose you are trying to connect to a remote system, but
the server is "partially" down.  (For example, you are trying to use
HTTP but their web server isn't running.)  Instead of an immediate
"Connection Refused" message, you'll sit for around 2 minutes before
you get a "Connection Timed Out" message.  Why?  Well, Connection
Refused is indicated by an ICMP packet but you never pass those on to
the application.  The application then sees nothing until the timeout
timer expires.  ICMP is extremely useful and is, in fact, required for
correct operation of TCP and IP.  Do not block ICMP.

-D

-- 
"Wipe Info uses hexadecimal values to wipe files. This provides more
security than wiping with decimal values." -- Norton SystemWorks 2002 Manual
 
http://dman13.dyndns.org/~dman/
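
The difference between an immediate refusal and a silent timeout described in the message above can be measured from the client side. This is an added example, not part of the original message; classify_connect, HINTS and the outcome labels are names chosen here, and it assumes IPv4 TCP with a constructed loopback target.

```python
import errno
import socket
import time

# Map connect() errors to the diagnosis an operator would draw from them.
_ERRNO_OUTCOME = {
    errno.ECONNREFUSED: "refused",      # the far end answered: nothing listens there
    errno.EHOSTUNREACH: "unreachable",  # an error report came back, or no local route
    errno.ENETUNREACH: "unreachable",
    errno.ETIMEDOUT: "timeout",         # no answer of any kind before the kernel gave up
}

HINTS = {
    "open": "service is listening",
    "refused": "host is up, service is down; fails fast",
    "unreachable": "path or host reported as unreachable; fails fast",
    "timeout": "no reply at all; packets or error reports are being dropped",
}


def classify_connect(host, port, timeout=5.0):
    """Attempt one TCP connect; return (outcome, seconds_elapsed)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        outcome = "open"
    except socket.timeout:
        outcome = "timeout"  # our own timer expired with nothing heard back
    except OSError as exc:
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        outcome = _ERRNO_OUTCOME.get(exc.errno, "error:" + name)
    finally:
        sock.close()
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    # Constructed input: reserve a loopback port, then close it so nothing listens.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    outcome, elapsed = classify_connect("127.0.0.1", closed_port, timeout=3.0)
    print("%s after %.3fs: %s" % (outcome, elapsed, HINTS.get(outcome, outcome)))
```

A "timeout" result that takes the full timer where "refused" or "unreachable" was expected is the symptom to look for when reviewing a filter that drops traffic silently.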
