[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Akamai bypasses WebSense, Real.com, DoubleClick and oth er UNWANTED TRAFFIC
How about just dropping all ICMP except echo-reply at your internet access router? Ian -----Original Message----- From: Cedric Amand [mailto:[email protected]] Sent: Monday, September 18, 2000 2:05 PM To: Fw-1-Mailinglist-us (E-mail) Subject: Re: [FW1] Akamai bypasses WebSense, Real.com, DoubleClick and other UNWANTED TRAFFIC Hello Carl, CEM> They do this by ping flooding large blocks of addresses and building a network latency topology map and vectoring data from their servers. CEM> I don't want AKAMAI's thousands of servers PING FLOODING me. Please, if you don't like "unwanted" ICMP then you don't want to be on the internet at all since ICMP is made for normal operations of the TCP control protocol and is entirely connection-less. Akamai, like many others and a shitload of hardware devices, uses ICMP to determine the "distance" between all of their servers and you to deliver your customers/users/whatevers the best internet experience. (As you said.) They don't have thousands of boxes tough and their technology is much more complex than just flat probing of the entire internet. Anyway, it's annoying because it pollutes logs, but as a firewall admin you maybe should just silently dump their traffic. They won't change their business. Their traffic load is abyssal. There are also numerous academic hosts doing the same thing, some with funny reverse DNS lookups like "network-topology-probing-for -my-thesis.thatuniv.blah.edu" that are as (if not more) annoying. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|