something instead of ping.

[Marc Powell]

> -----Original Message-----
> From: Damian Gerow [mailto:damian at sentex.net]
> Sent: Thursday, October 16, 2003 11:53 AM
> To: nagios-users at lists.sourceforge.net
> 
> Thus spake Marc Powell (mpowell at ena.com) [16/10/03 12:47]:
> > Just a heads up, there have been numerous reports of this breaking
other
> > services (ssh, ftp to Win2K servers, pop/IMAP) intermittently. We
> > experienced problems with some customers connecting to our IMAP
servers
> > once we started doing this, we had no choice but to roll-back the
change
> > and the problems went away. Weird. YMMV.
> 
> Yes, I know.  Maybe you can confirm this -- does blocking the 92-byte
ping
> cause more problems than a blanket ICMP block?

IMHO, no, it doesn't. Better the devil you understand than the devil you
don't. In the latter case (blocking all ICMP), if you've made the
appropriate allowances for hosts that _must_ be able to send ICMP
traffic unhindered, the rest is just user education. If you block
92-byte ICMP traffic then you leave yourself open to weird problems that
may or may not be related (and in most cases *shouldn't* be related but
are) with no specific way to resolve them. It just adds a huge layer of
complexity to your troubleshooting.

--
Marc


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null