IOL refuse to reenable pings for gaming

Töpher

Off the phone to Esat, they cannot/will not/refuse to re-enable pinging. At least for me anyways! Not fair! I thought they'd indivdually enable it for you if you so wished?

Are they required by law to? Fingers crossed!

BKtje

errr they can probably disable the DOS ping but thats about all. nothing major. Once ur on the server u will still have a ping as its just a response time.

Am i missing something here?

flamegrill

Originally posted by B-K-DzR
errr they can probably disable the DOS ping but thats about all. nothing major. Once ur on the server u will still have a ping as its just a response time.

Am i missing something here?

No, Esat block ICMP and have done for quite some time. They had some DoS issues in the last 2 years. It will not affect game play nor has icmp pinging got anything to do with game pings. As B_k-DzR says its just a response time.

Paul

BKtje

Just to clear this up a it. IOL block icmp traffic as Esat Business haven't

Ripwave

Originally posted by B-K-DzR
Just to clear this up a it. IOL block icmp traffic as Esat Business haven't

More to the point - IOLBB have blocked ICMP traffic, but that's pretty much irrelevant to the end user - games don't rely on ICMP traffic.

BKtje

Thought thatw as cleared up by flamegrill

But yer no DOS pinging but games are unaffected

Hecate

That sort of thing should really be left up to the end user, whether they want to block it or not. After all, blocking ICMP totally breaks a lot of stuff.

A much more sensible approach would be to rate limit icmp; this would restrict the effectivness of dos and ddos attacks.

Ripwave

Originally posted by Hecate
After all, blocking ICMP totally breaks a lot of stuff.

Such as?

ssh

Such as not getting port-unreachable, destination-unreachable etc.

If I make a tcp connection to a port that is being rejected somewhere along the line, if I don't get the port unreachable reply whatever application will just sit around waiting for a time out.

ICMP is core to a smoothly working internet and should not be tampered with unless you have an extremely good reason to do so(like say to temporarily prevent a DOS).

IMHO anyway, I guess that's why I don't work for IOL

zoro

yeah but is what they've done LEGAL?

they don't let you know at any stage that it's been done?
do they?

Daniel

Ripwave

Originally posted by ssh
Such as not getting port-unreachable, destination-unreachable etc.

If I make a tcp connection to a port that is being rejected somewhere along the line, if I don't get the port unreachable reply whatever application will just sit around waiting for a time out.

Okay, now answer the question - what application won't work if ICMP is blocked? Bear in mind that 99% of the people reading this thread don't even know about traceroute, they're not going to be inconvenienced by not being able to troubleshoot a port unreachable problem.

ICMP is core to a smoothly working internet and should not be tampered with unless you have an extremely good reason to do so(like say to temporarily prevent a DOS).

Ever used a VPN?

Ripwave

Originally posted by hunt_daniel
yeah but is what they've done LEGAL?

Of course it's legal. Why on god's earth would you think that it wouldn't be?

they don't let you know at any stage that it's been done? do they?

Why would they waste the time, money and effort?

ssh

Ripwave,

It is not a question of "doesn't work", it's a question of "doesn't work as it's expected to". Breaking ICMP is not good. As I pointed out, there's a difference between an application sitting around waiting for a connection to either be established or be rejected or just timing out.

Here's a little test...

Telnet to some port on some internet server, that you know is closed, but will send you a "destination port unreachable". Notice how telnet almost immediately tells you that it can't open the connection.

Set up a a firewall between you and host X to drop ICMP in both directions. Do the same as above and you'll spend however long the OS takes to let the application know that it timed out.

Dropping ICMP across a router is plain bad manners. It is of course legal, but IOL won't be getting a penny from me. At least Eircom don't show such contempt for protocol.

Ripwave

Originally posted by ssh
It is not a question of "doesn't work", it's a question of "doesn't work as it's expected to".

Look, they're selling this to ordinary home users, running Windows 98. Those users don't "expect" ICMP to work.

Breaking ICMP is not good. As I pointed out, there's a difference between an application sitting around waiting for a connection to either be established or be rejected or just timing out.

Yeah, about 10 or 15 seconds difference.

Here's a little test...

Telnet to some port on some internet server, that you know is closed, but will send you a "destination port unreachable". Notice how telnet almost immediately tells you that it can't open the connection.

Test? What is it I'm supposed to be testing? I already know ICMP is blocked!

Set up a a firewall between you and host X to drop ICMP in both directions. Do the same as above and you'll spend however long the OS takes to let the application know that it timed out.

Dropping ICMP across a router is plain bad manners. It is of course legal, but IOL won't be getting a penny from me. At least Eircom don't show such contempt for protocol.

Jaze, I can't understand why people are prepared to pay €5 a month for a static IP address - I know that there's not many people out there who'd pay €5 a month for ICMP!!!

ssh

Ripwave,

To be honest, I don't think Boards.ie should let any of our posts through. They probably aren't of interest to anyone (like you said, 99% of the people on the board don't understand what we are on about). And sure it costs boards a few kilobytes to store them.

Well, I don't. But my point stands. Just because it doesn't matter to you doesn't mean it doesn't matter to someone else. And in ICMP's case, I think it matters to qiute a few people.

[Now would be a great time for everyone to say "Yeah, we all like having functional ICMP and value ISPs that let it through"]

btw, what did you mean by the VPN thing? I've set one up sort of before, using the Linux kernel one (whatitsface?).

rob1891

does anyone else block icmp, I know IBB don't. I can't imagine problems with DoS attacks were limited to IOL and IOL only, why are they the only (?) ones blocking it (still)?

I'd tell them you are terminating your contract. How are you supposed to nmap?!?

Hecate

Okay here's a 'real world' example so to speak.

Disallowing icmp in both directions interferes with path mtu (maximum transfer unit) discovery. PMTUD is optional in tcp/ip spec, but every tcp/ip stack implements it.

Here is why: Say you send a 1500 byte packet to someone with an MTU of 1400 bytes. A router between you and the other person takes that packet and splits it into one 1400 byte packet and another 100 byte packet. Neat, but this takes a certain amount of work, and if you are sending a huge sequence of fraged packets (a large email message, say) the processing overhead quickly becomes crazy.

But, and heres where PMTUD comes to the rescue, if your machine knew only to send 1400 bytes at a time when fragmenting, the overhead is vastly reduced.

When it comes down to it, IOL are breaking RFCs.

zoro

Originally posted by Ripwave
Of course it's legal. Why on god's earth would you think that it wouldn't be?
Why would they waste the time, money and effort?

Well I'd have thought it illegal as they haven't informed anyone in any way of what they were blocking when someone signs up to their service, giving them money for a BB package

Basically you're paying for a 100% package, (capped - but they TELL you) but you're not getting 100%...

and i'm sure that there are servers that'll rank you (i'm thinking gaming here) on ping....and no one'll want you on their game if you've an undetermined ping

i don't know a whole lot about icmp but i do know that it's extremely useful, and having it disabled without consent, and them not reenabling it when i ask them too is NOT right

Daniel

ssh

Good point Hecate. I had forgotten about MTU problems. I actually had something like this recently, where a device was blocking packets of size greater than 1492 bytes, but was blocking ICMP out so it couldn't tell anyone. Wasted HOURS becuase of it.

Ripwave

Originally posted by hunt_daniel
i don't know a whole lot about icmp

Obviously.

but i do know that it's extremely useful,

Do you? So what's it useful for, then? How many times have you taken advantage of ICMP in all the years you're been using dialup? Using the DOS PING command is the only time you've ever encountered ICMP in action, and half the servers you're likely to be pinging drop ICMP anyway.

and i'm sure that there are servers that'll rank you (i'm thinking gaming here) on ping....and no one'll want you on their game if you've an undetermined ping

You see, this is the sort of crap that makes your charge so ludicrous - "pings" in games have nothing to do with the DOS PING command, and don't rely on ICMP.

Ripwave

Originally posted by ssh
Well, I don't. But my point stands. Just because it doesn't matter to you doesn't mean it doesn't matter to someone else. And in ICMP's case, I think it matters to qiute a few people.

Don't get me wrong - I'm not saying that ICMP isn't of use - I'm saying that the lack of ICMP isn't going to make any difference to the vast majority of IOLs customers - and I mean 99.9% vast majority, not 90%. Even among those who actually know what ICMP is, and how it can be taken advantage of in troubleshooting certain types of issues, it's unlikely that they'll encounter thos problems very often on a residential DSL service.

[Now would be a great time for everyone to say "Yeah, we all like having functional ICMP and value ISPs that let it through"]

I think the ongoing confusion about in-game pings probably demonstrates that you might get a few people to parrot that for you, but they still wouldn't know what they were on about.

btw, what did you mean by the VPN thing? I've set one up sort of before, using the Linux kernel one (whatitsface?).

Some VPNs drop ICMP. (Some don't).

glimmerman

I'd like to chip in a big cheer for ICMP: I *like* being able to traceroute and see where the bottlenecks in the network are. I *like* the ability to "dos" ping jolt and see whats going on. And I'm a bit pissed that IOL have disallowed this (although I don't have their service yet, but I've already ordered it. damn you IOL)

zoro

Well apologies your royal highness.

In future I'll be sure to keep my opinions, and questions for that matter to myself.

Now lets all just leave this alone and maybe, just maybe Ripwave will stop insulting every one for no reason.

and these "ludicrous charges"?? I first ASKED if what they were doing was legal....

then stated that i didn't THINK it would be.....

Idiot

Ripwave

Originally posted by glimmerman
I'd like to chip in a big cheer for ICMP: I *like* being able to traceroute and see where the bottlenecks in the network are. I *like* the ability to "dos" ping jolt and see whats going on. And I'm a bit pissed that IOL have disallowed this (although I don't have their service yet, but I've already ordered it. damn you IOL)

I like being able to ping and traceroute too. But the fact that the firewall in work drops ICMP doesn't prevent me doing anything that I need to do.

Do you care about ICMP enough to cancel IOL and pay an extra €4.50/month (plus a small part of your soul) to get ICMP with Eircom?

soapyjoe

Hey
IOL are one of the XBox live affiliated companies.I assume XBox Live use's pings for determining server's.Has anybody tried complaining to microsoft.I'm sure if IOL got kicked off this list they would start to allow pings again.
Just a thought!!

ssh

Joe,

ICMP isn't the only way of determining the latency (ping time). It can be done using any low overhead protocol really (usually UDP). There are lots of different types of ICMP packets, the most common being echo-request, which is what results in a echo-reply being sent back by the requested host.

Ripwave

Originally posted by soapyjoe
Hey
IOL are one of the XBox live affiliated companies.I assume XBox Live use's pings for determining server's.

Sigh - will one of the moderators PLEASE modify the misleading subject thread.

In-game pings have NOTHING to do with ICMP, which IOL have blocked.

Gummy Panda

I have to agree with Ripwave.

The removal of ICMP has little difference to my broadband experience.

I have been using Xbox LIVE with IOL since July and have no problems with pings.

BKtje

It might slightly inconvenieve some people. It seriously inconveniences the ****ers trying to do a DOS.

MrPinK

Originally posted by B-K-DzR
It seriously inconveniences the ****ers trying to do a DOS.

Not really. There are plenty of other DoS's other than Smurfing that don't require ICMP. If IOL are trying to prevent these attacks coming from their network then there are better ways to do it.

BKtje

Well it does inconvenience them. of course there are other ways. There always are when it comes to computers.