This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?

Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kurt Kayser kurt_kayser at gmx.de
Wed May 5 12:52:51 CEST 2021

Gert,

you surely know that every enabled protocol/port is a potential threat.

.kurt


Am 05.05.21 um 12:32 schrieb Gert Doering:
> Hi,
>
> On Wed, May 05, 2021 at 12:30:01PM +0200, Kurt Kayser wrote:
>> I understand your point. But there is really no big effort to check if
>> Port 873 is working:
>>
>> <host>nc -zvw100 rpki.ripe.net 873
>> Connection to rpki.ripe.net 873 port [tcp/rsync] succeeded!
>>
>> Let's make a security comparison, if this is really a necessary feature?
> So where exactly is the *security* drawback of permitting ICMP echo?
>
> But yes, of course, we can all do tcpping instead - which is much
> more likely to have an adverse effect on the actual service...
>
> Gert Doering
>         -- NetMaster

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3468 bytes
Desc: S/MIME Cryptographic Signature
URL: </ripe/mail/archives/routing-wg/attachments/20210505/9eaf7acf/attachment.p7s>

Previous message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?
Next message (by thread): [routing-wg] request to enable ICMP echo-reply on rpki.ripe.net?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]