skip to primary navigationskip to content
 

CUDN-connected computers must support the ICMP Echo (ping) function

RFC 1122, Requirements for Internet Hosts - Communication Layers, requires that every host must implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies. All devices that are 'actively connected to the CUDN using IP' (see below) should perform this function and those devices must perform this function correctly for ICMP Echo Requests from the following Trusted Subnet:

131.111.12.0/24

Additionally, consideration should be given to allowing access to institutions' internal networks from the Computing Service internal network listed below, from which the initial investigation of network faults is often undertaken. The internal Computing Service subnet from which diagnostic testing may be performed is:

131.111.10.0/23

Notes

The Echo server function is needed to facilitate the friendly probing that is carried out by the Computing Service to identify CUDN- connected devices that are vulnerable to common attacks by hackers.

A device is 'actively connected to the CUDN using IP' if it is in a position to transmit using the IP protocol suite to the network to which it is connected, and thence to the CUDN. Elaborating some specific cases:

  • a device that is powered off is not actively connected at that time;
  • if IP transmissions from a device are prevented from reaching the CUDN, the device is not actively connected to the CUDN using IP; this might be the case if the device is connected to an institutional network that is connected to the CUDN via a firewall that does not forward traffic from the device (in simple terms, the device is not visible from the CUDN through the firewall).
  • if IP transmissions from a device that is connected via a firewall (whether or not the firewall is providing network address translation) reach the CUDN then the ICMP Echo server function must be provided, either by the device or by the firewall on the device's behalf.

However, even if the device is hidden behind a firewall so that the device's IP transmissions do not reach the CUDN, institutions are recommended to allow communication, including the ICMP Echo Requests and Replies, between the device and the Trusted Subnet (above) through the firewall to permit devices behind the firewall to be probed by the Computing Service's 'friendly probes', thereby enhancing the security of the institution's network.

UIS Service Desk


  Phone padded  (01223 3) 32999

UIS bITe-size bulletin


A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website padded  Sign up for SMS/email status alerts

RSS Feed Latest news

Migration of centrally managed rooms from Micad to Booker on 29 July

Jul 12, 2019

We'll be migrating bookings of centrally managed lecture rooms from Micad to Booker on 29 July. Estate Management will retire the room booking module of Micad at the end of this year.

Light Blue Fibre leads the way for full fibre connectivity in Cambridge and beyond

Jul 11, 2019

An innovative joint venture launched today (11 July 2019) by the University of Cambridge and Cambridgeshire County Council is opening up new opportunities for full fibre networks to expand Cambridgeshire’s digital infrastructure.

View all news