| OOL blocking ICMP Ports I called the Help Desk and asked them why. I spent over 2 hours just explaining what was wrong. The agent kept asking "Can you get online?" Yes..I said..Im getting HTTP fine. "What exactly is the problem then?" He kept saying "We don’t block any ports" but could not explain why I wasn’t able to pass ICMP. His "Team Leader" just spouted the same thing. They even went so far as to stream to my desktop and watch me pass HTML and FTP but not be able to pass any pings. Their answer was.."We don’t block any ports" That wasn’t good enough for me. I run applications on my PC that require ICMP to be passed. They treated me like a jackass. I didn’t tell them I work for IBM. They told me that they were going to send a tech to my house to check the line but that if the tech couldn’t find anything I “would have to pay a service call fee” WTF is that? You start blocking ports..I tell you, you are blocking ports…you say your not contrary to all the things I have just told you..and your going to charge me a fee?? I just don’t get it.
Ok so the tech showed up at my house today, he was really helpful, and confirmed what I had told the help desk. He said he didn’t think they were blocking any ports but he would check. See he went one step further. He believed what I was telling him and checked. Well after 2 mins on the phone he got the answer that I told that help desk agent 3 days ago “Were blocking ICMP.” The lady wouldn’t say why or when they will stop blocking these ports. That leaves me stuck.
Now if Cablevision can’t secure its network why should I pay the price? I can’t use 20% of the applications that I use every day because Cablevision is worried about attacks. OK what does that have to do with me? I have to suffer because you all can’t get your shit together? My network is running all Microsoft products and is so frigin tight that I don’t have to worry about security. So you take functionality from the customer but don’t give anything back? If I only get 80% of the functionality from my OOL subscription shouldn’t I get a 20% rebate?
My question is why did you start blocking ports and when are you going to let me get back to my business. |
|
 GeekNJPremium
join:2000-09-23
Waldwick, NJ | Can you be specific... what is being blocked to/from you? There are known inbound blocked ports like 80, 8080 and some other well known proxy ports.
And do you have BOOL or residential OOL?
--
Have you tweaked your OOL connection? |
|
plat2on1
join:2002-08-21
Hopewell Junction, NY | reply to Viso
so your mister big bad IBMer and you dont even know that ICMP is a protocol and not a port ? |
|
|
|
thumbs down from:
bmn 
| Where did I say ICMP was a port jackass? |
|
plat2on1
join:2002-08-21
Hopewell Junction, NY | reply to Viso
quote:
You start blocking ports..I tell you, you are blocking ports…you say your not contrary to all the things I have just told you..and your going to charge me a fee??
hmm. |
|
| reply to Viso
Outbound ICMP is bieng blocked. I have OOL not BOOL. |
|
thumbs down from:
bmn
| Again...where did I say ICMP was a port??
I said shutting ports was preventing ICMP from bieng passed. Damb before you critisize know WTF you are talking about. |
|
GeekNJPremium
join:2000-09-23
Waldwick, NJ | Can you give an example of something that doesn't work? What command are you executing that isn't working?
--
Have you tweaked your OOL connection? |
|
| reply to Viso
Its not a command that isnt working. Well you can bring it down to that level..for instance
Ping 4.2.2.1 gets request timed out e.g. the default gateway is not letting ICMP pass.
Its not that big a deal until you have an application that requires ICMP to funtion. I have several such applications that require ICMP for authentication. Without it the application does not function. |
|
 jaaPremium,MVM
join:2000-06-13
kudos:2
 ·Optimum Online
 ·Vonage
| Ping works fine for me - even to the address you specified.
Probably your firewall or router that is blocking it.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
GeekNJPremium
join:2000-09-23
Waldwick, NJ | reply to Viso
Maybe it's something specific to you, but certainly not to everyone. You can't ping something outside your own network? I know I can.
Have you made sure it's not something with your router by just placing 1 computer directly into the modem, resetting the modem and trying it? What is your CMTS? You can get it by going backwards and pinging to your IP address from outside using something like »www.tracert.com/cgi-bin/trace.pl
For example, here's mine:
traceroute to xxxxxxx.dyn.optonline.net (67.83.xxx.yyy) from 206.252.193.20: 1-30 hops, 38 byte packets
1 206.252.222.88 (206.252.222.88) 1.36 ms (ttl=64!) 1.29 ms (ttl=64!) 1.40 ms (ttl=64!)
2 198.32.160.20 (198.32.160.20) 1.57 ms (ttl=253!) 1.51 ms (ttl=253!) 1.89 ms (ttl=253!)
3 0095.gi4-7.msfc1.nyc.nac.net (64.21.102.6) 1.44 ms 2.18 ms 1.37 ms
4 0010.gi1-1.msfc1.tlw.nac.net (209.123.11.230) 1.98 ms 2.46 ms 2.26 ms
5 r2-ge9-2.in.nycmnyzr.cv.net (65.19.102.185) 1.95 ms 2.32 ms 1.79 ms
6 r1-srp1-0.wan.prnynj.cv.net (65.19.96.51) 4.64 ms 5.15 ms 5.96 ms
7 r3-srp-1-0.mhe.prnynj.cv.net (67.83.239.53) 4.44 ms 4.40 ms 3.77 ms
8 dstswr1-ge3-1.rh.wlwknj.cv.net (67.83.250.130) 5.81 ms 6.46 ms 5.30 ms
9 ubr103-fa1-0.cmts.wlwknj.cv.net (67.83.250.173) 15.3 ms 7.71 ms 7.15 ms
10 xxxxxxx.dyn.optonline.net (67.83.xxx.yyy) 21.3 ms (ttl=141!) 13.5 ms (ttl=141!) 13.8 ms (ttl=141!)
--
Have you tweaked your OOL connection? |
|
| reply to jaa
No...As I said the technician called the office and the lady confirmed they were blocking ICMP. WHat is your default gateways IP address? Its probably different than mine. |
|
jaaPremium,MVM
join:2000-06-13
kudos:2 Reviews:
·Optimum Online
·Vonage
| I find that very unlikely. The "lady" probably didn't understand you question or does not know what you are talking about.
Many things rely on ICMP - highly unlikely it is being blocked intentionally.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
| reply to Viso
I have put this PC to the top of my network and got an IP address on the PC and tried to ping, I could not, which indicates an outside problem. tracert is an ICMP command and I cannot get 1 hop away.
This is the ping output from outside the network to my IP address from the website you provided:
Ping Output
FROM www.his.com TO 24.185.167.65.
PING 24.185.167.65 (24.185.167.65): 56 data bytes
--- 24.185.167.65 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
So ICMP inbound is also bieng blocked at the gateway. |
|
 BichonPremium,MVM
join:2002-10-10
Freehold, NJ | reply to Viso
I agree with Geek and jaa. OOL doesn't block outbound ICMP. In fact, I can ping that 4.2.2.1 (One of Genuity's DNS resolvers) just fine. |
|
| reply to Viso
Go ahead...try and ping me??? Tracert me and the last hop on the tracert before me will be 24.185.160.1 my default gateway which is not letting icmp pass. Then you will get timeout messages since no ICMP is bieng passed through the DG. |
|
GeekNJPremium
join:2000-09-23
Waldwick, NJ | reply to Viso
If you run the tracert from outside in, it will show us your UBR and I'd like to see if we can ping into it to an IP or two on the other side.
--
Have you tweaked your OOL connection? |
|
| reply to Viso
Tracert from outside DG to my IP address:
1 | router.136-128.inter (207.136.128.1) ( 0.497/ 0.790/ 1.360) 3/3 100.0%
2 | marina-peering (206.124.224.5) ( 0.998/ 1.080/ 1.123) 3/3 100.0%
3 | f37.ba01.b000899-0.l (66.28.21.13) ( 39.978/ 40.490/ 40.825) 3/3 100.0%
4 | g2-0.core01.lax04.at (66.28.6.241) ( 39.453/ 39.608/ 39.894) 3/3 100.0%
5 | p15-1.core01.lax01.a (66.28.4.201) ( 39.750/ 40.012/ 40.169) 3/3 100.0%
6 | p5-0.core01.san01.at (66.28.4.78) ( 40.169/ 40.704/ 41.566) 3/3 100.0%
7 | p6-0.core01.iah01.at (66.28.4.5) ( 48.636/ 83.463/ 146.721) 3/3 100.0%
8 | p5-0.core01.dfw01.at (66.28.4.97) ( 39.873/ 40.107/ 40.401) 3/3 100.0%
9 | p15-0.core02.dfw01.a (66.28.4.26) ( 39.573/ 40.085/ 40.674) 3/3 100.0%
10 | p15-0.core01.mci01.a (66.28.4.38) ( 48.874/ 49.708/ 50.536) 3/3 100.0%
11 | p5-0.core02.ord01.at (66.28.4.34) ( 59.289/ 59.764/ 60.345) 3/3 100.0%
12 | p6-0.core02.jfk02.at (66.28.4.85) ( 82.461/ 82.712/ 82.992) 3/3 100.0%
13 | p6-0.pr01.jfk05.atla (154.54.1.166) ( 134.618/ 135.072/ 135.974) 3/3 100.0%
14 | r3-ge2-2.in.nycmny83 (65.19.103.133) ( 129.911/ 131.370/ 132.646) 3/3 100.0%
15 | r2-srp1-1.in.nycmny8 (65.19.97.98) ( 126.278/ 127.821/ 129.733) 3/3 100.0%
16 | r1-srp13-0.wan.hcvln (65.19.96.49) ( 127.654/ 130.496/ 132.728) 3/3 100.0%
17 | r1-srp13-0.cr.hcvlny (167.206.12.97) ( 129.950/ 131.370/ 132.798) 3/3 100.0%
18 | r4-srp5-0.mhe.hcvlny (167.206.12.36) ( 132.736/ 132.845/ 133.021) 3/3 100.0%
19 | opti33-134.nassau.cv (167.206.33.134) ( 127.939/ 129.373/ 131.273) 3/3 100.0%
20 | ubr101-fe1-0.cmts.bb (167.206.33.165) ( 127.752/ 129.239/ 130.402) 3/3 100.0%
21 | * * ( -1.000/ -1.000/ -1.000) 0/3 0.0%
22 | * * ( -1.000/ -1.000/ -1.000) 0/3 0.0%
ICMP is bing blocked outbound and inbound to my segment |
|
jaaPremium,MVM
join:2000-06-13
kudos:2 Reviews:
·Optimum Online
·Vonage
| reply to Viso
What your test shows is that device is not responding to ICMP ping request. It does not mean it is blocking them.
Here are some pings within my network and outside.
I guess it is possible that your cmts is blocking ICMP - I just find it very hard to believe.
Edit: Here are my pings:
C:\>ping yahoo.com
Pinging yahoo.com [66.218.71.198] with 32 bytes of data:
Reply from 66.218.71.198: bytes=32 time=100ms TTL=239
Reply from 66.218.71.198: bytes=32 time=90ms TTL=239
Reply from 66.218.71.198: bytes=32 time=90ms TTL=239
Reply from 66.218.71.198: bytes=32 time=90ms TTL=239
Ping statistics for 66.218.71.198:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 100ms, Average = 92ms
C:\>ping optonline.net
Pinging optonline.net [167.206.5.7] with 32 bytes of data:
Reply from 167.206.5.7: bytes=32 time=10ms TTL=244
Reply from 167.206.5.7: bytes=32 time=10ms TTL=244
Reply from 167.206.5.7: bytes=32 time=30ms TTL=244
Reply from 167.206.5.7: bytes=32 time=10ms TTL=244
Ping statistics for 167.206.5.7:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 30ms, Average = 15ms
C:\>ping ubr
Pinging ubr [10.130.160.1] with 32 bytes of data:
Reply from 10.130.160.1: bytes=32 time=10ms TTL=253
Reply from 10.130.160.1: bytes=32 timeping router
Pinging router [192.168.12.1] with 32 bytes of data:
Reply from 192.168.12.1: bytes=32 timeping dslreports.com
Pinging dslreports.com [209.123.109.175] with 32 bytes of data:
Reply from 209.123.109.175: bytes=32 time=20ms TTL=50
Reply from 209.123.109.175: bytes=32 time=10ms TTL=50
Reply from 209.123.109.175: bytes=32 time=10ms TTL=50
Reply from 209.123.109.175: bytes=32 time=10ms TTL=50
Ping statistics for 209.123.109.175:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 20ms, Average = 12ms
C:\>ping 4.4.2.1
Pinging 4.4.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 4.4.2.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
[text was edited by author 2003-09-29 18:32:50] |
|
BichonPremium,MVM
join:2002-10-10
Freehold, NJ | reply to Viso
I can't traceroute to either your IP, nor your gateway.
That isn't OOL policy, something is misconfigured. |
|
