Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

IOL refuse to reenable pings for gaming

  • 28-10-2003 4:54pm
    #1
    Registered Users, Registered Users 2 Posts: 8,483 ✭✭✭


    Off the phone to Esat, they cannot/will not/refuse to re-enable pinging. At least for me anyways! :( Not fair! I thought they'd indivdually enable it for you if you so wished?

    Are they required by law to? Fingers crossed!


Comments

  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    errr they can probably disable the DOS ping but thats about all. nothing major. Once ur on the server u will still have a ping as its just a response time.

    Am i missing something here?


  • Registered Users, Registered Users 2 Posts: 1,862 ✭✭✭flamegrill


    Originally posted by B-K-DzR
    errr they can probably disable the DOS ping but thats about all. nothing major. Once ur on the server u will still have a ping as its just a response time.

    Am i missing something here?

    No, Esat block ICMP and have done for quite some time. They had some DoS issues in the last 2 years. It will not affect game play nor has icmp pinging got anything to do with game pings. As B_k-DzR says its just a response time.

    Paul


  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    Just to clear this up a it. IOL block icmp traffic as Esat Business haven't :)


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by B-K-DzR
    Just to clear this up a it. IOL block icmp traffic as Esat Business haven't :)
    More to the point - IOLBB have blocked ICMP traffic, but that's pretty much irrelevant to the end user - games don't rely on ICMP traffic.


  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    Thought thatw as cleared up by flamegrill :)

    But yer no DOS pinging but games are unaffected :p


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    That sort of thing should really be left up to the end user, whether they want to block it or not. After all, blocking ICMP totally breaks a lot of stuff.

    A much more sensible approach would be to rate limit icmp; this would restrict the effectivness of dos and ddos attacks.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by Hecate
    After all, blocking ICMP totally breaks a lot of stuff.
    Such as?


  • Closed Accounts Posts: 484 ✭✭ssh


    Such as not getting port-unreachable, destination-unreachable etc.

    If I make a tcp connection to a port that is being rejected somewhere along the line, if I don't get the port unreachable reply whatever application will just sit around waiting for a time out.

    ICMP is core to a smoothly working internet and should not be tampered with unless you have an extremely good reason to do so(like say to temporarily prevent a DOS).

    IMHO anyway, I guess that's why I don't work for IOL :)


  • Registered Users, Registered Users 2 Posts: 2,243 ✭✭✭zoro


    yeah but is what they've done LEGAL?

    they don't let you know at any stage that it's been done?
    do they?

    Daniel


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by ssh
    Such as not getting port-unreachable, destination-unreachable etc.

    If I make a tcp connection to a port that is being rejected somewhere along the line, if I don't get the port unreachable reply whatever application will just sit around waiting for a time out.
    Okay, now answer the question - what application won't work if ICMP is blocked? Bear in mind that 99% of the people reading this thread don't even know about traceroute, they're not going to be inconvenienced by not being able to troubleshoot a port unreachable problem.
    ICMP is core to a smoothly working internet and should not be tampered with unless you have an extremely good reason to do so(like say to temporarily prevent a DOS).
    Ever used a VPN?


  • Advertisement
  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by hunt_daniel
    yeah but is what they've done LEGAL?
    Of course it's legal. Why on god's earth would you think that it wouldn't be?
    they don't let you know at any stage that it's been done? do they?
    Why would they waste the time, money and effort?


  • Closed Accounts Posts: 484 ✭✭ssh


    Ripwave,

    It is not a question of "doesn't work", it's a question of "doesn't work as it's expected to". Breaking ICMP is not good. As I pointed out, there's a difference between an application sitting around waiting for a connection to either be established or be rejected or just timing out.

    Here's a little test...

    Telnet to some port on some internet server, that you know is closed, but will send you a "destination port unreachable". Notice how telnet almost immediately tells you that it can't open the connection.

    Set up a a firewall between you and host X to drop ICMP in both directions. Do the same as above and you'll spend however long the OS takes to let the application know that it timed out.

    Dropping ICMP across a router is plain bad manners. It is of course legal, but IOL won't be getting a penny from me. At least Eircom don't show such contempt for protocol.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by ssh
    It is not a question of "doesn't work", it's a question of "doesn't work as it's expected to".
    Look, they're selling this to ordinary home users, running Windows 98. Those users don't "expect" ICMP to work.
    Breaking ICMP is not good. As I pointed out, there's a difference between an application sitting around waiting for a connection to either be established or be rejected or just timing out.
    Yeah, about 10 or 15 seconds difference.
    Here's a little test...

    Telnet to some port on some internet server, that you know is closed, but will send you a "destination port unreachable". Notice how telnet almost immediately tells you that it can't open the connection.
    Test? What is it I'm supposed to be testing? I already know ICMP is blocked!
    Set up a a firewall between you and host X to drop ICMP in both directions. Do the same as above and you'll spend however long the OS takes to let the application know that it timed out.

    Dropping ICMP across a router is plain bad manners. It is of course legal, but IOL won't be getting a penny from me. At least Eircom don't show such contempt for protocol.
    Jaze, I can't understand why people are prepared to pay €5 a month for a static IP address - I know that there's not many people out there who'd pay €5 a month for ICMP!!!


  • Closed Accounts Posts: 484 ✭✭ssh


    Ripwave,

    To be honest, I don't think Boards.ie should let any of our posts through. They probably aren't of interest to anyone (like you said, 99% of the people on the board don't understand what we are on about). And sure it costs boards a few kilobytes to store them.

    Well, I don't. But my point stands. Just because it doesn't matter to you doesn't mean it doesn't matter to someone else. And in ICMP's case, I think it matters to qiute a few people.

    [Now would be a great time for everyone to say "Yeah, we all like having functional ICMP and value ISPs that let it through"]

    btw, what did you mean by the VPN thing? I've set one up sort of before, using the Linux kernel one (whatitsface?).


  • Registered Users, Registered Users 2 Posts: 1,038 ✭✭✭rob1891


    does anyone else block icmp, I know IBB don't. I can't imagine problems with DoS attacks were limited to IOL and IOL only, why are they the only (?) ones blocking it (still)?

    I'd tell them you are terminating your contract. How are you supposed to nmap?!?


  • Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    Okay here's a 'real world' example so to speak.

    Disallowing icmp in both directions interferes with path mtu (maximum transfer unit) discovery. PMTUD is optional in tcp/ip spec, but every tcp/ip stack implements it.

    Here is why: Say you send a 1500 byte packet to someone with an MTU of 1400 bytes. A router between you and the other person takes that packet and splits it into one 1400 byte packet and another 100 byte packet. Neat, but this takes a certain amount of work, and if you are sending a huge sequence of fraged packets (a large email message, say) the processing overhead quickly becomes crazy.

    But, and heres where PMTUD comes to the rescue, if your machine knew only to send 1400 bytes at a time when fragmenting, the overhead is vastly reduced.

    When it comes down to it, IOL are breaking RFCs.


  • Registered Users, Registered Users 2 Posts: 2,243 ✭✭✭zoro


    Originally posted by Ripwave
    Of course it's legal. Why on god's earth would you think that it wouldn't be?
    Why would they waste the time, money and effort?

    Well I'd have thought it illegal as they haven't informed anyone in any way of what they were blocking when someone signs up to their service, giving them money for a BB package

    Basically you're paying for a 100% package, (capped - but they TELL you) but you're not getting 100%...

    and i'm sure that there are servers that'll rank you (i'm thinking gaming here) on ping....and no one'll want you on their game if you've an undetermined ping

    i don't know a whole lot about icmp but i do know that it's extremely useful, and having it disabled without consent, and them not reenabling it when i ask them too is NOT right

    Daniel


  • Closed Accounts Posts: 484 ✭✭ssh


    Good point Hecate. I had forgotten about MTU problems. I actually had something like this recently, where a device was blocking packets of size greater than 1492 bytes, but was blocking ICMP out so it couldn't tell anyone. Wasted HOURS becuase of it.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by hunt_daniel
    i don't know a whole lot about icmp
    Obviously.
    but i do know that it's extremely useful,
    Do you? So what's it useful for, then? How many times have you taken advantage of ICMP in all the years you're been using dialup? Using the DOS PING command is the only time you've ever encountered ICMP in action, and half the servers you're likely to be pinging drop ICMP anyway.
    and i'm sure that there are servers that'll rank you (i'm thinking gaming here) on ping....and no one'll want you on their game if you've an undetermined ping
    You see, this is the sort of crap that makes your charge so ludicrous - "pings" in games have nothing to do with the DOS PING command, and don't rely on ICMP.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by ssh
    Well, I don't. But my point stands. Just because it doesn't matter to you doesn't mean it doesn't matter to someone else. And in ICMP's case, I think it matters to qiute a few people.
    Don't get me wrong - I'm not saying that ICMP isn't of use - I'm saying that the lack of ICMP isn't going to make any difference to the vast majority of IOLs customers - and I mean 99.9% vast majority, not 90%. Even among those who actually know what ICMP is, and how it can be taken advantage of in troubleshooting certain types of issues, it's unlikely that they'll encounter thos problems very often on a residential DSL service.
    [Now would be a great time for everyone to say "Yeah, we all like having functional ICMP and value ISPs that let it through"]
    I think the ongoing confusion about in-game pings probably demonstrates that you might get a few people to parrot that for you, but they still wouldn't know what they were on about.
    btw, what did you mean by the VPN thing? I've set one up sort of before, using the Linux kernel one (whatitsface?).
    Some VPNs drop ICMP. (Some don't).


  • Advertisement
  • Closed Accounts Posts: 282 ✭✭glimmerman


    I'd like to chip in a big cheer for ICMP: I *like* being able to traceroute and see where the bottlenecks in the network are. I *like* the ability to "dos" ping jolt and see whats going on. And I'm a bit pissed that IOL have disallowed this (although I don't have their service yet, but I've already ordered it. damn you IOL)


  • Registered Users, Registered Users 2 Posts: 2,243 ✭✭✭zoro


    Well apologies your royal highness.

    In future I'll be sure to keep my opinions, and questions for that matter to myself.

    Now lets all just leave this alone and maybe, just maybe Ripwave will stop insulting every one for no reason.

    and these "ludicrous charges"?? I first ASKED if what they were doing was legal....

    then stated that i didn't THINK it would be.....

    Idiot


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by glimmerman
    I'd like to chip in a big cheer for ICMP: I *like* being able to traceroute and see where the bottlenecks in the network are. I *like* the ability to "dos" ping jolt and see whats going on. And I'm a bit pissed that IOL have disallowed this (although I don't have their service yet, but I've already ordered it. damn you IOL)
    I like being able to ping and traceroute too. But the fact that the firewall in work drops ICMP doesn't prevent me doing anything that I need to do.

    Do you care about ICMP enough to cancel IOL and pay an extra €4.50/month (plus a small part of your soul) to get ICMP with Eircom?


  • Closed Accounts Posts: 10 soapyjoe


    Hey
    IOL are one of the XBox live affiliated companies.I assume XBox Live use's pings for determining server's.Has anybody tried complaining to microsoft.I'm sure if IOL got kicked off this list they would start to allow pings again.
    Just a thought!!


  • Closed Accounts Posts: 484 ✭✭ssh


    Joe,

    ICMP isn't the only way of determining the latency (ping time). It can be done using any low overhead protocol really (usually UDP). There are lots of different types of ICMP packets, the most common being echo-request, which is what results in a echo-reply being sent back by the requested host.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Originally posted by soapyjoe
    Hey
    IOL are one of the XBox live affiliated companies.I assume XBox Live use's pings for determining server's.
    Sigh - will one of the moderators PLEASE modify the misleading subject thread.

    In-game pings have NOTHING to do with ICMP, which IOL have blocked.


  • Closed Accounts Posts: 20,919 ✭✭✭✭Gummy Panda


    I have to agree with Ripwave.

    The removal of ICMP has little difference to my broadband experience.

    I have been using Xbox LIVE with IOL since July and have no problems with pings.


  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    It might slightly inconvenieve some people. It seriously inconveniences the ****ers trying to do a DOS.


  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    Originally posted by B-K-DzR
    It seriously inconveniences the ****ers trying to do a DOS.
    Not really. There are plenty of other DoS's other than Smurfing that don't require ICMP. If IOL are trying to prevent these attacks coming from their network then there are better ways to do it.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    Well it does inconvenience them. of course there are other ways. There always are when it comes to computers.


  • Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    Yes, but they can be just as inconvenienced without inconveniencing anyone else. Rather than blocking all ICMP traffic they could only block ICMP packets to broadcast addresses and packets that have spoofed source addresses


  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    So far i havent seen one thing that really onconveniences people.
    Ok u wont be able to see on your traceroute where ur pinging badly but you wouldnt be able to do anything about it anyway.

    Isn't there a way to do a traceroute without using ICMP?

    I agree with you tho i dont think they should have it disabled. Would annoy me.


Advertisement