Hello Job, I understand your point. But there is really no big effort to check if Port 873 is working:
<host>nc -zvw100 rpki.ripe.net 873 Connection to rpki.ripe.net 873 port [tcp/rsync] succeeded! Let's make a security comparison, if this is really a necessary feature? regards, Kurt Am 05.05.21 um 12:23 schrieb Job Snijders via routing-wg: > Hi RIPE NCC, hi all, > > In today's troubleshooting adventure, an operator experienced difficulty > pinpointing where exactly a connectivity issue between them and > rpki.ripe.net (193.0.6.138 + 2001:67c:2e8:22::c100:68a) resided. > > It would be helpful if RIPE NCC reverted disabling responding to ICMP > echo requests originating from the Internet. Would it be possible to > adjust the firewall settings to accomodate troubleshooting and > monitoring? > > Right now connectivity testing has to be performed directly against the > rsync daemon's internet-exposed TCP port (873) - but it would be much > cheaper and faster for both the tester and the service hoster if instead > ICMP echo requests could be used as an early warning system (rather than > the rsync service itself). > > $ ping -c 6 rpki.ripe.net > PING rpki.ripe.net (193.0.6.138): 56 data bytes > > --- rpki.ripe.net ping statistics --- > 6 packets transmitted, 0 packets received, 100.0% packet loss > > The above test result differs compared to sending echo requests to > molamola.ripe.net or manus.authdns.ripe.net. > > Kind regards, > > Job >
