nanog mailing list archives
Re: ICMP Attacks???????
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Fri, 22 Aug 1997 01:55:02 -0400 (EDT)
On Thu, 21 Aug 1997, Alex "Mr. Worf" Yuriev wrote:
Short of fixing every network on the internet, does anyone have any useful advice for what to do when smurfed? This happened to an FDT customer last night, and it had our T1 (according to uunet) at about 500% capacity. Obviously, until the attack stopped, our T1 wasn't too useful. I'm about< close to just asking uunet to block all icmp echo replies from cominginto FDT...but I know customers will complain.Then they will start blasting UDP at you. Trust me, T1 is not that bad. We periodically have DS-3s eaten up completely but it happens for such a short time that it cannot really be traced :(
Perhaps. The trouble is, when we get smurfed, our T1 becomes totally useless. While talking to UUNet and Cisco about the problem, Cisco suggested traffic shaping on the UUNet 7500 we connect to. If they did that, and told the 7500 not to send >1.5mb/s for us to the cascade, then would the 7500 be smart enough to prioritize the packets such that the icmp get dropped and tcp and udp go through? The main problem, AFAICT, is that the cascade deals very badly with the situation where it has 7mb/s of traffic for a 1.5mb/s pipe. UUNet did not seem terribly receptive to the idea. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Current thread:
- Re: ICMP Attacks???????, (continued)
- Re: ICMP Attacks??????? Josh Beck (Aug 21)
- Blocking spoofing at the source (was: ICMP Attacks??) Joe Rhett (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Josh Beck (Aug 22)
- Message not available
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Jay R. Ashworth (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Robert Sanders (Aug 29)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Phil Howard (Aug 22)
- Re: Blocking spoofing at the source (was: ICMP Attacks??) Robert Sanders (Aug 29)
- Re: ICMP Attacks??????? Peter E. Giza (Aug 21)
- Re: ICMP Attacks??????? Jon Lewis (Aug 21)
- Re: ICMP Attacks??????? Alex "Mr. Worf" Yuriev (Aug 21)
- Re: ICMP Attacks??????? Jon Lewis (Aug 21)
- Re: ICMP Attacks??????? Edward Henigin (Aug 21)
- Re: ICMP Attacks??????? Alex Przekupowski (Aug 22)
- Message not available
- Re: ICMP Attacks??????? Jay R. Ashworth (Aug 22)
- Message not available
- Re: ICMP Attacks??????? Jay R. Ashworth (Aug 26)