nanog mailing list archives
Re: ICANN Targets DDoS Attacks
From: Brett Frankenberger <rbf () rbfnet com>
Date: Tue, 29 Oct 2002 20:51:01 -0600
On Tue, Oct 29, 2002 at 09:05:40PM -0500, Jared Mauch wrote:
Please discontinue imagination. You obviously don't understand how traceroute works by sending udp packets and getting icmp ttl expired messages back which are not icmp {echo,echo-reply}. Come back when you do understand how it works. /sigh
Addressing just the issue of how traceroute works, I'll point out that (a) Most or all flavors of traceroute distributed by Microsoft use ICMP ECHO instead of UDP for the outbound packets (the old issue of some stacks not sending ICMP errors in response to any ICMP being not much of an issue these days, Microsoft's non-traditional method works almost as good as the traditional UDP method), and (b) A Microsoft traceroute is what most customers will be using. FWIW, I don't think rate limiting ICMP is likely to have a negative impact. I also don't think it's a good idea, though -- it might help to identify or prevent some problems in the short term, but in the long run, it's a race we can't win -- if everyone limits ICMP, people will launch DDos attacks with, say, packets to 80/tcp -- rate limiting that is more problematic. ICMP rate limiting isn't anywhere near a big enough win, from my perspective, to justify adding complexity to the network, and having to remember, when troubleshooting strange problems, that ICMP is no longer forwarded just like any other packet. -- Brett
Current thread:
- Re: ICANN Targets DDoS Attacks, (continued)
- Re: ICANN Targets DDoS Attacks Valdis . Kletnieks (Oct 29)
- Re: ICANN Targets DDoS Attacks Jeff Shultz (Oct 29)
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- Re: ICANN Targets DDoS Attacks Jeff Shultz (Oct 29)
- Re: ICANN Targets DDoS Attacks Stephen J. Wilcox (Oct 29)
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- ICMP filtering, was Re: ICANN Targets DDoS Attacks Rob Thomas (Oct 29)
- Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks Rafi Sadowsky (Oct 29)
- Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks Rob Thomas (Oct 30)
- Message not available
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- Re: ICANN Targets DDoS Attacks Brett Frankenberger (Oct 29)
- Re: ICANN Targets DDoS Attacks Peter E. Fry (Oct 29)
- Re: ICANN Targets DDoS Attacks Valdis . Kletnieks (Oct 29)
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- RE: ICANN Targets DDoS Attacks fingers (Oct 29)
- Re: ICANN Targets DDoS Attacks bob (Oct 29)
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)