nanog mailing list archives

Re: Smurf tone down

From: Havard.Eidnes () runit sintef no
Date: Mon, 03 May 1999 21:48:26 +0200

3) Can't manage it.  Providers are understaffed with clueful people.


Is this really that hard?

access-list 175 permit icmp any any
int bleh/bleh
 rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
 rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop


I agree, the above isn't all that hard.

However, I'd argue that the above is in some sense wrong.
There's no need to put all ICMP traffic in the same basket; some
ICMP traffic is required for e.g. path MTU discovery to work.
So, instead I'd use

access-list 175 permit icmp any any echo-reply

But you all knew that already, right? ;-)


- Håvard

Current thread:

Re: Smurf tone down, (continued)
- - - Re: Smurf tone down Jan Ahrent Czmok (May 01)
  - Re: Smurf tone down alex (May 01)
- Re: Smurf tone down Leo Bicknell (May 01)
  - Re: Smurf tone down alex (May 01)
    - Re: Smurf tone down Tim Winders (May 01)
    - Re: Smurf tone down alex (May 01)
    - Re: Smurf tone down Leo Bicknell (May 01)
    - Re: Smurf tone down Stephen Stuart (May 01)
    - Re: Smurf tone down Leo Bicknell (May 01)
    - Re: Smurf tone down bmanning (May 01)
    - Re: Smurf tone down Havard . Eidnes (May 03)
    - Re: Smurf tone down sthaug (May 03)
    - Re: Smurf tone down Havard . Eidnes (May 05)
- Re: Smurf tone down Ron Buchalski (May 03)