[TriLUG] [OT] odd output from ping

Ryan Leathers ryan.leathers at globalknowledge.com
Thu Mar 27 13:49:39 EST 2003


Nothing sinister with this... it's normal behavior for a firewall that is
configured to not respond with icmp replies (that's the administratively
prohibited message) and the sequence numbers sent are also consistent
with normal operation of stateful firewalls (capable of sequence
randomization).

On Thu, 2003-03-27 at 12:48, Jeff Bollinger wrote:
> There was some fluff on Slashdot today about Al Jazeera being "hacked"
> but I didn't pursue it.  The Packet Filtered could mean they are
> blocking echo reply, though the sequence numbers you are getting seem to
> be pretty curious (possibly dropping a bunch of packets?)
> 
> Jeff
> 
> Paul D. Boyle wrote:
> | Hi All,
> |
> | I am using <ob linux>SuSE 7.3</ob linux>.  I was trying to connect to
> | http://english.aljazeera.net and wasn't able to get through.  I wanted
> | to see if the host was up so, I pinged it and got this output:
> |
> | boyle:/~% ping english.aljazeera.net
> | PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> | From jerry.exodus.net (216.34.83.66): icmp_seq=2 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=2 Packet filtered
> |
> | --- english.aljazeera.net ping statistics ---
> | 6 packets transmitted, 0 received, +2 errors, 100% loss, time 5024ms
> |
> | boyle:/~% ping english.aljazeera.net
> | PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> | From jerry.exodus.net (216.34.83.66): icmp_seq=18 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=18 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=32 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=41 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=50 Packet filtered
> | From jerry.exodus.net (216.34.83.66) icmp_seq=57 Packet filtered
> |
> |
> | I have never seen the "Packet filtered" message before.  I did a
> | 'whois' for this host and tracked down some phone numbers.  I called the
> | network operations people of the organization which seems to administer
> | 'jerry.exodus.net'.  I was told to send an email to them, which I did.
> | Oddly enough, though, after my phone call, the behavior of 'ping' changed.
> | Now this is the output I get:
> |
> | boyle:/x03033% ping english.aljazeera.net
> | PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> |
> | --- english.aljazeera.net ping statistics ---
> | 309 packets transmitted, 0 received, 100% loss, time 308019ms
> |
> | boyle:/x03033% !ping
> | ping english.aljazeera.net
> | PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> |
> | --- english.aljazeera.net ping statistics ---
> | 381 packets transmitted, 0 received, 100% loss, time 380015ms
> |
> | From my reading of Stevens' "TCP/IP Illustrated Volume 1", I can see that
> | ICMP packets can return a number of codes.  The message seems to most
> | closely correspond to code 13, which is, "communication administratively
> | prohibited by filtering", although I guess there are other possibilities
> | (I need to look in the source for ping).
> |
> | Does anyone know (or have an opinion) whether this indicates a bona fide
> | technical problem, or why would a site be blocked like this?
> |
> | Thanks for any help.
> |
> | Paul
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
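
Added example, not part of the original thread and not ping's own source: a decoder for the ICMP destination-unreachable message behind the "Packet filtered" lines, showing that code 13 maps to that string and that the icmp_seq printed is read from the echo request quoted inside the error. The helper names, the echo identifier 0x1234 and the sample packet are constructed for illustration; the other strings in the table are the ones Linux iputils ping prints for those codes.

```python
import struct

# ICMP type 3 (destination unreachable) codes. Code 13 is "communication
# administratively prohibited", which Linux ping prints as "Packet filtered".
UNREACH = {0: "Destination Net Unreachable", 1: "Destination Host Unreachable",
           3: "Destination Port Unreachable", 13: "Packet filtered"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample(seq: int, code: int = 13) -> bytes:
    """Constructed sample: ICMP error header + quoted IPv4 header + first
    8 bytes of the echo request (checksums of the quoted packet left at 0)."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x1234, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 0, 0, 63, 1, 0,
                     bytes([152, 1, 38, 206]), bytes([216, 34, 94, 186]))
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + echo
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def decode_error(icmp: bytes):
    """Return (message, icmp_seq) for a destination-unreachable message."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a destination-unreachable message")
    quoted = icmp[8:]                      # original datagram, as quoted by the sender
    ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != 1:
        raise ValueError("no quoted ICMP datagram")
    q_type, _, _, _ident, seq = struct.unpack("!BBHHH", quoted[ihl:ihl + 8])
    if q_type != 8:
        raise ValueError("quoted packet is not an echo request")
    return UNREACH.get(code, "Dest Unreachable, code %d" % code), seq

if __name__ == "__main__":
    for s in (2, 18, 32):                  # sequence numbers seen in the thread
        print("icmp_seq=%d %s" % decode_error(build_sample(s))[::-1])
```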




