nanog mailing list archives
Re: ICANN Targets DDoS Attacks
From: Jared Mauch <jared () puck Nether net>
Date: Tue, 29 Oct 2002 15:45:38 -0500
On Tue, Oct 29, 2002 at 10:25:44PM +0200, Petri Helenius wrote:
Source address verification at access layer and rate limiting icmp would be fine starts. Why would you like to regulate my ability to transmit and receive data using ECHO and ECHO_REPLY packets? Why are they considered harmful?
I've found (as others have) that if you take a typical customer interface or even infrastructure/peer interface, you don't see normal packet rates over 2Mb/s of icmp echo+echo-reply (oc3, oc12 and gig-e to exchange for example). Go in and do a rate-limit (and tell it to transmit if exceeded so it doesn't stop your traffic) on your router to check what your typical rate is. You'd be surprised how much this will help mitigate smurf/icmp attacks. It can take a 100Mb/s attack and limit it to 2Mb*<number-of-ingress-peer-interfaces> which is likely to be smaller than 100Mb/s. Yet still allow you to determine the source interface by the unusual traffic spike/pps spike as well as the rate-limit/car/whatever drops.
I'm all for source address verification though.
As am I.

- Jared

--
Jared Mauch | pgp key available via finger from jared () puck nether net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
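The measure-then-enforce approach described in the message above, modelled as one token-bucket policer per ingress interface. This is an added example, not code from the original post: the interface names, offered rates, burst size and packet size are constructed, and a real router's policer may differ in detail.

```python
from dataclasses import dataclass

RATE_BPS = 2_000_000   # the 2Mb/s ICMP echo+echo-reply ceiling from the message
BURST = 25_000         # bucket depth in bytes (constructed value)
PKT = 1_000            # packet size in bytes (constructed value)
# Constructed offered ICMP load per ingress interface, in bits per second.
SAMPLE = {"peer-a": 300_000, "peer-b": 500_000, "peer-c": 100_000_000}

@dataclass
class Policer:
    drop_on_exceed: bool          # False models "transmit if exceeded"
    tokens: float = BURST
    last: float = 0.0
    forwarded: int = 0            # bytes sent on
    exceeded: int = 0             # bytes over the rate (the counter to watch)

    def offer(self, now: float, size: int) -> None:
        # Refill at RATE_BPS, capped at the bucket depth.
        self.tokens = min(BURST, self.tokens + (now - self.last) * RATE_BPS / 8)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            self.forwarded += size
        else:
            self.exceeded += size
            if not self.drop_on_exceed:
                self.forwarded += size

def run(offered, drop_on_exceed, seconds=5):
    """Return {ifname: (forwarded_bps, exceeded_bps)} for constant-rate input."""
    result = {}
    for ifname, bps in offered.items():
        p = Policer(drop_on_exceed)
        n = int(bps * seconds / (8 * PKT))
        for i in range(n):
            p.offer(i * seconds / n, PKT)
        result[ifname] = (p.forwarded * 8 / seconds, p.exceeded * 8 / seconds)
    return result

def exceeding(result):
    """Interfaces whose exceed counter moved: where to look for the source."""
    return sorted(name for name, (_, exc) in result.items() if exc > 0)

if __name__ == "__main__":
    for mode, drop in (("measure", False), ("enforce", True)):
        res = run(SAMPLE, drop)
        total = sum(fwd for fwd, _ in res.values()) / 1e6
        print(mode, f"forwarded={total:.2f} Mb/s", "exceeding:", exceeding(res))
```

In measure mode nothing is dropped but the exceed counter already singles out the flooded interface; in enforce mode the same interface is held to roughly the configured rate while the other interfaces forward exactly what they did before.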