nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Mon, 11 Aug 1997 23:30:18 -0400 (EDT)
On Mon, 11 Aug 1997, Rick Watson wrote:
This does not solve the entire problem. We have been the victim of such an attack for the last several days. The attack is using up about 7 Mbits of our DS3 to Sprint or about 16%. Filtering out ICMP packets at the router we control only prevents the target host from seeing the ping replies, but does not recover the portion of our circuit occupied by the ping replies, or of Sprint's backbone circuits, or of other provider's circuits in the path, etc.
FDT has also been the target of such attacks recently. You know the senario. Some kid on IRC wants to own a channel, so he runs a script that pings the broadcast address of a few dozen networks claiming a source address of our IRC server...so we get hit so hard with icmp echo replies that UUNet's Cascade switch starts burping such that the end result is we get alternating [roughly] 0.5s bursts of silence / echo reply storms, and no useful traffic comes through our T1. I have about 1.5mb of tcpdump data displaying this from an attack yesterday, and it happened again today. Fortunately, they usually do this only breifly. I'm probably going to tell our IRC admin to pull us off the IRC network. The only other viable option I can think of would be to ask UUNet to block all icmp for our network, and I don't want that. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Current thread:
- Re: [nsp] known networks for broadcast ping attacks Joe Provo - Network Architect (Aug 02)
- <Possible follow-ups>
- Re: [nsp] known networks for broadcast ping attacks Rick Watson (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks Eric Wieling (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks David P. Maynard (Aug 12)
- Re: [nsp] known networks for broadcast ping attacks Miquel van Smoorenburg (Aug 12)
- Re: [nsp] known networks for broadcast ping attacks Jonah Yokubaitis (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks Charles Sprickman (Aug 11)
- Re: [nsp] known networks for broadcast ping attacks Martin Cooper (Aug 12)
- Re: [nsp] known networks for broadcast ping attacks Greg Ketell (Aug 12)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Sharif Torpis (Aug 12)
- Re: [nsp] known networks for broadcast ping attacks Charles Sprickman (Aug 11)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Ran Atkinson (Aug 12)