skip to primary navigationskip to content
 

CUDN-connected computers must support the ICMP Echo (ping) function

RFC 1122, Requirements for Internet Hosts - Communication Layers, requires that every host must implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. All devices that are 'actively connected to the CUDN using IP' (see below) should perform this function and those devices must perform this function correctly for ICMP Echo Requests from the following Trusted Subnet:

131.111.12.0/24

Additionally, consideration should be given to allowing access to institutions' internal networks from the Computing Service internal network listed below, from which the initial investigation of network faults is often undertaken. The internal Computing Service subnet from which diagnostic testing may be performed is:

131.111.10.0/23

Notes

The Echo server function is needed to facilitate the friendly probing that is carried out by the Computing Service to identify CUDN- connected devices that are vulnerable to common attacks by hackers.

A device is 'actively connected to the CUDN using IP' if it is in a position to transmit using the IP protocol suite to the network to which it is connected, and thence to the CUDN. Elaborating some specific cases:

  • a device that is powered off is not actively connected at that time;
  • if IP transmissions from a device are prevented from reaching the CUDN, the device is not actively connected to the CUDN using IP; this might be the case if the device is connected to an institutional network that is connected to the CUDN via a firewall that does not forward traffic from the device (in simple terms, the device is not visible from the CUDN through the firewall).
  • if IP transmissions from a device that is connected via a firewall (whether or not the firewall is providing network address translation) reach the CUDN then the ICMP Echo server function must be provided, either by the device or by the firewall on the device's behalf.

However, even if the device is hidden behind a firewall so that the device's IP transmissions do not reach the CUDN, institutions are recommended to allow communication, including the ICMP Echo Requests and Replies, between the device and the Trusted Subnet (above) through the firewall to permit devices behind the firewall to be probed by the Computing Service's 'friendly probes', thereby enhancing the security of the institution's network.

Getting help


UIS Service Desk
General support queries

  Phone padded  (01223 7) 62999

UAS Service Desk
Administrative staff queries

  Phone padded  (01223 3) 32999

UIS bITe-size bulletin


A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website padded  Sign up for SMS/email status alerts

RSS Feed Latest news

All University members now have access to Google G Suite@Cambridge

May 07, 2019

UIS enrolled all members of the University in our Google G Suite account, known as G Suite@Cambridge, on 2 May.

Upgrade Windows 7 machines before the operating system reaches end of life on 14 January 2020

Apr 30, 2019

Microsoft will stop supporting Windows 7 on 14 January 2020. The good news is that you may be entitled to a free upgrade to Windows 10, if your institution is participating in the University's EES agreement.

View all news