nanog mailing list archives

Re: ISP's who filter ICMP during DoS?

From: Rafi Sadowsky <rafi-nanog () meron openu ac il>
Date: Fri, 29 Jun 2001 14:31:13 +0300 (IDT)


On Thu, 28 Jun 2001, ASV wrote:


Does anyone have a list of which ISPs are willing to filter ICMP packets
for you when your network is being (D)DoS'd, and which prefer to simply
blackhole / disconnect you, and which will do absolutely nothing??


 IMHO the best protection you can get from ICMP flooding is a permanent
rate-limit on your upstream router to something between 1-5 % of the line
capacity - You won't feel it unless you have a DoS attack and then it
kicks automagically


 NOTE: depending on your "normal" traffic you want to rate limit UDP
to something between say 20-50 % of line capacity


-       Rafi


I'm finding it hard to gather this information and it occured to me that
this is an obvious factor when choosing an ISP!

Thanks,

Current thread:

ISP's who filter ICMP during DoS? ASV (Jun 28)
- RE: ISP's who filter ICMP during DoS? David Schwartz (Jun 28)
- Re: ISP's who filter ICMP during DoS? Pim van Riezen (Jun 28)
- Re: ISP's who filter ICMP during DoS? Rafi Sadowsky (Jun 29)
- <Possible follow-ups>
- RE: ISP's who filter ICMP during DoS? Los, Ralph (Jun 29)
  - RE: ISP's who filter ICMP during DoS? Christopher L. Morrow (Jun 29)