A story about bypassing air Canada's in-flight network restrictions

(ramsayleung.github.io)

134 points samray | 1 comments | 10 Oct 25 07:50 UTC | HN request time: 0s | source

Show context

ajd555 ◴[10 Oct 25 11:52 UTC] No.45537856[source]▶

If a ping to a specific IP times out, I wouldn't say the IP is blocked. It could be that ICMP specifically is blocked, following some network rules on the firewall. This is pretty common in entreprise networks to not allow endpoint discovery. I could be missing something and happy to be corrected here, but I was surprised to read that.

replies(5): >>45537931 #>>45538067 #>>45538538 #>>45538647 #>>45540200 #

EvanAnderson ◴[10 Oct 25 13:03 UTC] No.45538538[source]▶

>>45537856 #

I find it's important to remember, too, that a failed PING tells you nothing other than your echo request did not receive a response. If the remote host received your request, and if it responded, are both things a failed PING can't tell you, because both of those things could be true but you still end up with a failed PING.

I've seen technicians get tripped up in troubleshooting thinking that a failed PING tells them more than it does. When the possibility of asymmetric return paths is involved it's always important to remember how little a failed PING actually tells you.

replies(2): >>45539109 #>>45540467 #

1. webstrand ◴[10 Oct 25 16:02 UTC] No.45540467[source]▶

>>45538538 #

I had an experience recently setting up a third-party VPN where the echo responses were being delivered to the correct (host,interface) but with the wrong destination address (not the same as made the request)

↑