Comments on: A Cisco router block ping, what does it do, whats the effectiveness, can it be gotten around? http://www.routersguide.com/blog/cisco-router/a-cisco-router-block-ping-what-does-it-do-whats-the-effectiveness-can-it-be-gotten-around/ This blog will tell you everything that you need to know about Cisco, Juniper, Netgear, Linksys, and Foundry wireless routers. Sun, 05 Sep 2010 23:23:36 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Neill http://www.routersguide.com/blog/cisco-router/a-cisco-router-block-ping-what-does-it-do-whats-the-effectiveness-can-it-be-gotten-around/comment-page-1/#comment-7179 Neill Thu, 25 Feb 2010 18:34:38 +0000 http://www.routersguide.com/blog/cisco-router/a-cisco-router-block-ping-what-does-it-do-whats-the-effectiveness-can-it-be-gotten-around/#comment-7179 When used in moderation, pings can be useful in determining the reachability of a destination. But they can be (and often are) used inappropriately and/or to excess. For example, pings are used by crackers to identify "working" addresses or to fill up the network with useless traffic (denial of service aka DoS attacks). To prevent these undesirable affects, an access list that denies pings (ICMP echoes) is attached to the affected interfaces of a router. Because an access list does not normally take effect because of the quantity of pings, it indiscriminately blocks all pings. So to answer your last question, no, the average internet citizen cannot get around the blockage. If you were not an "average" internet citizen AND YOU HAVE A LEGITIMATE REASON TO BYPASS THE BLOCK, you could try IP source routing. IP source routing allows you to specify the exact router path to be used between you and the destination. Good practice today says we should disable IP source routing, but Cisco routers only recently reversed their default; Cisco routers used to allow source routing by default. To use source routing, your first challenge is to determine the IP addresses of the routers on the path and that path will need to support IP source routing. However, having done so, you still may encounter a router with the same "block ping" policy, so even this doesn't guarantee success. When used in moderation, pings can be useful in determining the reachability of a destination. But they can be (and often are) used inappropriately and/or to excess. For example, pings are used by crackers to identify "working" addresses or to fill up the network with useless traffic (denial of service aka DoS attacks). To prevent these undesirable affects, an access list that denies pings (ICMP echoes) is attached to the affected interfaces of a router. Because an access list does not normally take effect because of the quantity of pings, it indiscriminately blocks all pings. So to answer your last question, no, the average internet citizen cannot get around the blockage.

If you were not an "average" internet citizen AND YOU HAVE A LEGITIMATE REASON TO BYPASS THE BLOCK, you could try IP source routing. IP source routing allows you to specify the exact router path to be used between you and the destination. Good practice today says we should disable IP source routing, but Cisco routers only recently reversed their default; Cisco routers used to allow source routing by default. To use source routing, your first challenge is to determine the IP addresses of the routers on the path and that path will need to support IP source routing. However, having done so, you still may encounter a router with the same "block ping" policy, so even this doesn’t guarantee success.

]]> By: Quadratic http://www.routersguide.com/blog/cisco-router/a-cisco-router-block-ping-what-does-it-do-whats-the-effectiveness-can-it-be-gotten-around/comment-page-1/#comment-7178 Quadratic Thu, 25 Feb 2010 18:34:37 +0000 http://www.routersguide.com/blog/cisco-router/a-cisco-router-block-ping-what-does-it-do-whats-the-effectiveness-can-it-be-gotten-around/#comment-7178 If a Cisco router blocks ping (ICMP echos), then it's kind of self-explanatory as to what it does; it keeps pings from being forwarded through the router. If a Cisco router blocks ping (ICMP echos), then it’s kind of self-explanatory as to what it does; it keeps pings from being forwarded through the router.

]]>