[windows2000] Re: Need some basic instruction in networking

  • From: "Timothy Mangan" <tmangan@xxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Sat, 8 Nov 2003 15:31:07 -0500

It probably is turned off on your router (however there are some ISPs that
will block at the gateway router).  

[Background: It used to be that everyone let the routers respond to and pass
pings.  After some denial-of-service attacks that used pings, (plus the ISPs
were noticing a measurable amount of background ICMP, eg ping, traffic in
the backbone) people started blocking.  At first, routers would respond to
the first ping from a source, then drop the others.  Over time this seemed
to change to ignoring them all.  Probably because someone clever started
sending all the pings with different source addresses for a D-O-S attack).
Oh well!]

It's been a couple of years since I logged into a Cisco.  I think it's under
interface->ip.  Traceroute is  "ip unreachables" ("no ip unreachables" would
disable.  I think ping is done via access lists.  Maybe "access-list icmp
any any"?  If you do a "show config" you will probably see a setting that
you can change.  If you can't find a manual try cisco online.

tim

Timothy R. Mangan  - Founder, TMurgent Technologies
tmangan@xxxxxxxxxxxx  www.tmurgent.com  (+1)781.492.0403

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Rod Falanga
Sent: Saturday, November 08, 2003 2:53 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Need some basic instruction in networking

Timothy,

A follow-up question or two.  

I have noticed that, for years, it is impossible to ping our server from the
outside.  I think (but am not sure of this) that pinging is disabled at the
router.  I don't know if it came that way, or if it was disabled by the
previous system administrator.  Anyway, how do I turn it back on?  (Of
course, it might be being disabled in ISA server as well.)

Rod
 

> -----Original Message-----
> From: "Timothy Mangan" <tmangan@xxxxxxxxxxxx>
> Subject: [windows2000] Re: Need some basic instruction in networking
> Date: Sat, 8 Nov 2003 14:37:48 -0500
> 
> [NOTE: Long Response]
> 1) What is a CSU/DSU?
> A CSU/DSU is a layer 1 conversion device.  It takes a serial interface
> cable
> (coming out of the router) and converts it to a synchronized 1.544Mhz
> digital signal which is used to send to the telco CO.  The CSU/DSU will
> always have information about the quality of the line between the CSU/DSU
> and the CO (often called "the local loop").  If you call the CO they will
> test out the local loop remotely.  They can either read the registers
> remotely or run a "CSU loopback test".  If you complained and they said
> they
> tested the line, this has been done and the line is OK.  Pin-outs for T1
> cables are different.  If you want to replace those cables, get a T1
> replacement.  Belden makes them, as do others.
> 2) Where else can the problem be?
>  In logical order:  In-house LAN, Router, Router to CSU/DSU, Local loop,
> the
> backbone (Internet?), and repeat at the far end.  You want to isolate out
> portions of the problem.  For example, that CSU loopback I mentioned
> earlier.
>  - To eliminate the "in-house LAN", work from router to router (the router
> closest to the T1 at each site).  You are probably using Cisco Routers.
> Find someone with a password and log in (you can usually telnet in,
> otherwise there will be a console port).  You can ping the ip address of
> the
> router at the far end (as well as traceroute, although that is blocked in
> the internet backbone much today).  If the round trip delay between
> routers
> is reasonable (eg under 300ms), then the WAN is OK and the problem will be
> in-house.
> 
> Often, the problem is in the local loop or the backbone, and the following
> applies if that is the case.  You should be able to ping your ISP gateway
> and watch delay time there.  Most of the delay should occur in the local
> loop (as the speeds are slower).  Sometimes it happens between carriers in
> the backbone.  You might have Quest as the ISP at both ends, but typically
> the traffic will be carried over someone else in-between (companies like
> Global Crossing).  The interfaces between carriers will clog up sometimes
> when they need to add a new interface to handle increased capacity.  When
> this happens, the local ISP might say "my network is OK".  If you are in
> this situation -- especially if you use the same ISP at each end -- you
> want
> to ask them to measure the delay between the two gateway routers (the
> first
> router in the ISP attached to each site).  Ask them for a round trip delay
> number.
>  - You can turn on a "DSU loopback" in the CSU/DSU as well.  This is a
> loopback that sends data sent by the router back to itself.  If that
> loopback is enabled and the router sees itself (you have to be logged into
> the router to see this), you have proved out the serial cable between the
> two.
> 
> Hopefully this can help.
> 
> Timothy R. Mangan  - Founder, TMurgent Technologies
> tmangan@xxxxxxxxxxxx  www.tmurgent.com  (+1)781.492.0403


********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: