nanog mailing list archives
Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
From: Sam Thomas <sthomas () lart net>
Date: Mon, 17 Jan 2000 09:13:03 +0000
On Sun, Jan 16, 2000 at 08:06:21PM -0800, Randy Bush wrote:
> > Is this a good idea?
> seems to me that there's sufficient chance that it is a REALLY good idea, that folk should seriously try it.
ideas that good should have been implemented a long time ago.

OTOH, I am of the opinion that the real problem is neither ICMP nor IP directed broadcast. the real problem, as I see it, is spoofed-source packets. the others are scapegoat accomplices which are more easily corrected, and therefore more susceptible to brute-force corrective action. there has been talk, and even a few implementations to correct the real problem, but it has not gotten the attention or corrective action that it deserves. perhaps this is because it is impractical to dial into every ISP's modem banks and determine if they allow spoofed-source packets for the purpose of creating the ever popular black-list of naughty network operators.

upon further pondering, I came up with this variation on a time-honored favorite: the solution: cheap, easy, correct...pick 2.