Firewall Wizards mailing list archives
flooding problem - a admin perspective
From: Russell Enderby <russell.enderby () arris-i com>
Date: Tue, 21 Dec 1999 09:24:55 -0500
Background: You are an admin for an ISP who still runs shell services (ie- eggdrops, etc). One of the eggrdrops peves off somone on the IRC network and decides to take serious revenge on that user's eggdrop by ping flooding the box. The ping flood they decide is problematic, they run mutiple attacks from multiple providers through china so backtracing is very difficult if not impossible with the source ip being spoofed. You are running firewalls rules with ipfwadm to block icmp messages but it takes down your upstream providers pipe to you since they have there bandwidth at 80% capacity. What would you do? Try to bandwidth limit flood attacks somehow without hindering other communications somewhere upstream? Upstream providers WILL NOT put ICMP filters inplace for you so bandwidth is still consumed if you have firewalls in place. Just dont deal with the hassle and tell your shell customers to take a hike while just leaving the problem out there a real threat to anyones network if they 'irritate' any joe blow on the internet? This problem is a problem that is difficult to solve and anyones input on this would be greatly appreciated. Sincerely, Russell Enderby
Current thread:
- flooding problem - a admin perspective Russell Enderby (Dec 21)
- Re: [ale] flooding problem - a admin perspective jj (Dec 21)