nanog mailing list archives
RE: Network Operators and smurf
From: "Martin, Christian" <CMartin () mercury balink com>
Date: Sun, 26 Apr 1998 04:02:25 -0400
Craig, I am currently looking into the feature set for this release, as I have to support SMDS, HSRP, Frame, ATM, and VIP2-50 boards. Hopefully this will work. Have you heard of any success/failure stories using dCEF on 75xx against these attacks. If so, I'd be interested to hear of them. PS I have your paper on my corkboard - very nice. Just rantin' and ravin'. Chris
-----Original Message----- From: Craig A. Huegen [SMTP:chuegen () quadrunner com] Sent: Sunday, April 26, 1998 3:44 AM To: Martin, Christian Cc: 'nanog () merit edu' Subject: RE: Network Operators and smurf On Sun, 26 Apr 1998, Martin, Christian wrote: ==>network. We are connected upstream at 45Mbps. As the attack ==>intensified, router CPU Utilization jumped to 99%, and the input queue ==>on our inbound HSSI was at 75/75. We started dropping packets at a rate ==>of about 7000/sec. The attacks were coming in from all over the world. Have you read the smurf document found at http://www.quadrunner.com/~chuegen/smurf.txt? I'd be interested to know what version of code you were running. I've seen a provider drop over 120 Mbps of smurf traffic in access-lists for over an hour and the routers weren't affected one bit. IOS CA & CC code 11.1(13.5) and later have a fix to the code which handles access-list drops--called "fast drop"--which fixes some inefficiencies in packet handling. ***READ*** the document at the URL above. It's amazing how much that URL has been advertised, through all the advisories, through the NOCs, etc., but with the ongoing thread over the last few weeks it almost appears that a lot of people either haven't heard about it or haven't read it. Of course, it's been put into mail messages 9 times on NANOG already: chuegen@quad:3:~>grep "quadrunner.com" mail/nanog | grep "smurf" | wc -l 9 /cah
Current thread:
- Re: Network Operators and smurf, (continued)
- Re: Network Operators and smurf Karl Denninger (Apr 26)
- Re: Network Operators and smurf Jason Lixfeld (Apr 26)
- Re: Network Operators and smurf Karl Denninger (Apr 26)
- Re: Network Operators and smurf Daniel R Ehrlich (Apr 26)
- Re: Network Operators and smurf Dalvenjah FoxFire (Apr 26)
- Re: Network Operators and smurf D'Arcy J.M. Cain (Apr 27)
- Re: Network Operators and smurf (UTSA) Bryan Bradsby (Apr 27)
- Re: Network Operators and smurf (UTSA) Karl Denninger (Apr 27)
- Re: Network Operators and smurf (UTSA) D'Arcy J.M. Cain (Apr 28)
- Re: Network Operators and smurf Karl Denninger (Apr 26)
- Re: Network Operators and smurf Michael Dillon (Apr 26)