skip to primary navigationskip to content
 

CUDN-connected computers must support the ICMP Echo (ping) function

RFC 1122, Requirements for Internet Hosts - Communication Layers, requires that every host must implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. All devices that are 'actively connected to the CUDN using IP' (see below) should perform this function and those devices must perform this function correctly for ICMP Echo Requests from the following Trusted Subnet:

131.111.12.0/24

Additionally, consideration should be given to allowing access to institutions' internal networks from the Computing Service internal network listed below, from which the initial investigation of network faults is often undertaken. The internal Computing Service subnet from which diagnostic testing may be performed is:

131.111.10.0/23

Notes

The Echo server function is needed to facilitate the friendly probing that is carried out by the Computing Service to identify CUDN- connected devices that are vulnerable to common attacks by hackers.

A device is 'actively connected to the CUDN using IP' if it is in a position to transmit using the IP protocol suite to the network to which it is connected, and thence to the CUDN. Elaborating some specific cases:

  • a device that is powered off is not actively connected at that time;
  • if IP transmissions from a device are prevented from reaching the CUDN, the device is not actively connected to the CUDN using IP; this might be the case if the device is connected to an institutional network that is connected to the CUDN via a firewall that does not forward traffic from the device (in simple terms, the device is not visible from the CUDN through the firewall).
  • if IP transmissions from a device that is connected via a firewall (whether or not the firewall is providing network address translation) reach the CUDN then the ICMP Echo server function must be provided, either by the device or by the firewall on the device's behalf.

However, even if the device is hidden behind a firewall so that the device's IP transmissions do not reach the CUDN, institutions are recommended to allow communication, including the ICMP Echo Requests and Replies, between the device and the Trusted Subnet (above) through the firewall to permit devices behind the firewall to be probed by the Computing Service's 'friendly probes', thereby enhancing the security of the institution's network.

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin


A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

RSS Feed Latest news

Delays in email delivery between PPSW and Exchange Online tenancies

Jan 22, 2020

Several institutions reported to us that messages to their Exchange Online tenancies were being blocked following routine maintenance to the central email switch (PPSW) on Monday 20 January. We believe we've discovered the cause and implemented a workaround that has cleared the backlog and will prevent this from happening again.

Phone system maintenance on Saturday 1 February

Jan 16, 2020

We're planning to update the University phone system on Saturday 1 February. Desk phones may reboot several times during this process, but there should be no effect on calls.

View all news