Re: ICANN Targets DDoS Attacks

[Valdis.Kletnieks () vt edu]

On Tue, 29 Oct 2002 12:48:39 PST, Jeff Shultz said:

> > Smurf.

> Okay. What will this do to my user's ping and traceroute times, if
> anything? I've got users who tend to panic if their latency hits 250ms
> between here and the moon (slight exaggeration, but only slight). 
>
> I just love it when I've got people blaming me because the 20th hop on
> a traceroute starts returning  * * * instead of times. 

So you rate limit it to several/second or something appropriate for the normal
traffic levels.  You don't allow ping/traceroute to broadcast addresses.

If you have users with that critical a latency requirement, you should ALREADY
be doing traffic shaping and rate limiting to help ensure it.  You might
want to check if your site is listed in any of the usual Smurf-amp databases,
and clean things up if you are - being used as a Smurf amp will shoot your
latency all to hell....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description: