<div dir="ltr">You'll get a hundred different answers, and it'll be how 'paranoid' the provider is and what operational requirements they have.<div><br></div><div>A 'normal' network probably doesn't need to worry about blocking, perhaps rate limiting but likely it'd be a DDoS anyway not abuse..</div>
<div><br></div><div>Since port scanning doesn't really require ICMP any more anyway blocking for that reason is a bit pointless. Someone who cannot troubleshoot without ICMP might need to learn about other methods (ftp, ssh, ntp, smtp ports often open), but it depends on the type of people you expect to have dealings with your network.</div>
<div><br></div><div></From the perspective of a small hosting provider, small business and end-user troubleshooting to small to large carriers/ISPs></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, May 20, 2014 at 1:36 PM, Alex Samad - Yieldbroker <span dir="ltr"><<a href="mailto:Alex.Samad@yieldbroker.com" target="_blank">Alex.Samad@yieldbroker.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi<br>
<br>
Wondering what people do around<br>
1) letting through icmp<br>
<br>
I like the idea of allowing icmp through, make network diagnosis a lot easier, but I don't want to be bomb.<br>
What sort of rate limiting do people think is acceptable?<br>
What's acceptable from client to confirm connectivity?<br>
<br>
<br>
2) blacklisting ip's<br>
<br>
So I have (like a lot of others), people port scanning look for open ports, what sort of levels do people actually do something about it ?<br>
<br>
I asking as an end user, but I am also curious to know what providers do.<br>
<br>
I have heard of companies blocking entire ranges, for example say china and/or Russia as they have no clients there. Do people do that, do ISP provide that service (can that be done through the auto black hole mechanism ?)<br>
<br>
<br>
Alex<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div><br></div>