Re: Access Lists

[Dan Boehlke <dboehlke () mr net>]

You could just withdraw your BGP announcement for the net being attacked 
and suddenly the attack packets will die at the first router without a 
default route on their way to the victim.

On Wed, 25 Mar 1998, Martin, Christian wrote:

> Hello All,
>
> I have a customer who is being ping-flooded.  His bandwidth is being
> sucked up due to these floods, and wishes me to block them on my router.
>  I am somewhat reluctant to do this, since it goes against our policy;
> however, the customer has been very patient with us on this issue and
> his patience is running out.  
>
> I would be implementing on a Cisco 7507, with 3 T-3s to the Internet,
> and the customer hangs off the router on a T-1.  What is the general
> consensus on providing such a service, particularly in terms of
> processing overhead and manageability.  Is there another way to prevent
> this type of attack, aside from watching packets go by and trying to
> trace it back through the source.  The source IPs are spoofed.
>
> Thanks!
> Christian Martin

--
Dan Boehlke, Senior Network Engineer                          M R N e t
Internet:  dboehlke () mr net                       A MEANS Telcom Company
Phone:  612-362-5814                  2829 SE University Ave. Suite 200
WWW: http://www.mr.net/~dboehlke/                Minneapolis, MN  55414