nanog mailing list archives
Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Thu, 28 Aug 2003 15:03:27 +0000 (GMT)
On Thu, 28 Aug 2003, Gordon wrote:
Of the DDOS attacks I have had to deal with in the past year I have seen none which were icmp based. As attacks evolve and transform are we really to believe that rate limiting icmp will have some value in the attacks of tomorrow?
The folks doing the attacking aren't 100% stupid... If their tcp flooder fails they will attempt udp then icmp or some other serial list of flooding tools. A large number of the 'bot' programs today have multiple flooding tools on them, so attempt proto X, if !success then attempt proto Y and so on :( Rate-limiting ICMP is 'ok' if you, as the provider, think its worthwhile and you, as the provider, want to deal with the headache phone calls... It might not stop everything, but in reality nothing really can :( If someone really wants your site/system/server off the network its as good as gone. -Chris
Current thread:
- Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Gordon (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) variable () ednet co uk (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) alex (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) alex (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Sean Donelan (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Sean Donelan (Aug 29)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 31)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) variable () ednet co uk (Aug 28)
- Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)