Security Incidents mailing list archives

DDoS Attacks....


From: James Kelty <james () TUNA ORG>
Date: Mon, 13 Nov 2000 15:12:40 -0800

Hello,

I seem to be under a DDoS Attack at the moment.  I received these logs
from my firewall:

<SNIP>

 488. 2000-11-13 14:49:24 ATTACK ALARM:  ICMP Flood from 207.100.65.30 to 209.10.46.156 prot 1 (untrust)
 489. 2000-11-13 14:49:24 ATTACK ALARM:  ICMP Flood from 206.222.103.134 to 209.10.46.156 prot 1 (untrust)
 490. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 149.39.250.1 to 209.10.46.156 prot 1 (untrust)
 491. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 134.174.9.41 to 209.10.46.156 prot 1 (untrust)
 492. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 198.59.162.254 to 209.10.46.156 prot 1 (untrust)
 493. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 209.11.133.190 to 209.10.46.156 prot 1 (untrust)
 494. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 4.24.80.18 to 209.10.46.156 prot 1 (untrust)
 495. 2000-11-13 14:49:22 ATTACK ALARM:  ICMP Flood from 204.89.131.10 to 209.10.46.156 prot 1 (untrust)
 496. 2000-11-13 14:49:22 ATTACK ALARM:  ICMP Flood from 209.11.133.189 to 209.10.46.156 prot 1 (untrust)
<SNIP>


It seems that there are several IPs that these are coming from, all at
once (hence the DDoS).  The thing is that the firewall that they are
hitting is just a NAT firewall for outbound traffic via SMTP, and NO
incoming traffic should go that way.  It is not really hurting me at the
moment, but when someone figures out what they are doing, this could be
bad.

Any advice? Other than making sure that all my firewalls do not allow
ICMP traffic (Done!).


Thanks!

-James
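
The following is an added example, not part of the original post: a small triage script for alarm lines in the format quoted above. It rejoins wrapped entries and reports, per destination, how many distinct sources raised the alarm within a short window. The 10-second window and the 3-source threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Four of the alarm entries from the post, with the e-mail line wrapping intact.
SAMPLE = """\
 488. 2000-11-13 14:49:24 ATTACK ALARM:  ICMP Flood from 207.100.65.30
to 209.10.46.156 prot 1 (untrust)
 490. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 149.39.250.1 to
209.10.46.156 prot 1 (untrust)
 493. 2000-11-13 14:49:23 ATTACK ALARM:  ICMP Flood from 209.11.133.190
to 209.10.46.156 prot 1 (untrust)
 496. 2000-11-13 14:49:22 ATTACK ALARM:  ICMP Flood from 209.11.133.189
to 209.10.46.156 prot 1 (untrust)
"""

ALARM = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ATTACK ALARM: ([A-Za-z ]+?) from "
    r"(\d+(?:\.\d+){3}) to (\d+(?:\.\d+){3}) prot (\d+) \((\w+)\)")

def parse_alarms(text):
    """Return (time, alarm, src, dst) tuples; wrapped lines are rejoined first."""
    flat = " ".join(text.split())  # undo wrapping and collapse runs of spaces
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), alarm, src, dst)
            for ts, alarm, src, dst, _proto, _zone in ALARM.findall(flat)]

def peak_sources(events, window):
    """Largest number of distinct sources seen inside any window-long interval."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1  # slide the left edge until the interval fits the window
        best = max(best, len({src for _, src in events[start:end + 1]}))
    return best

def summarize(text, window=timedelta(seconds=10), min_sources=3):
    """Group alarms by (destination, alarm type) and flag many-source bursts."""
    groups = defaultdict(list)
    for ts, alarm, src, dst in parse_alarms(text):
        groups[(dst, alarm)].append((ts, src))
    report = {}
    for key, events in groups.items():
        peak = peak_sources(events, window)  # assumed thresholds, see lead-in
        report[key] = {"sources": sorted({s for _, s in events}),
                       "peak": peak, "distributed": peak >= min_sources}
    return report
```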

