nanog mailing list archives
Re: [NANOG] Limiting ICMP
From: Kameron Gasso <kgasso-lists () visp net>
Date: Sat, 17 May 2008 22:12:52 -0700
Drew Weaver wrote:
(do people still DDoS with ICMP these days? I see a lot of what looks like udp.pl and hardly any ICMP attack traffic anymore)
We saw a small attempted attack using ICMP a few weeks ago, but as you've mentioned I've mostly been seeing UDP floods (and the occasional TCP SYNflood still). I do feel the need to comment that more and more lately I've been running into extremely frustrating situations where useful ICMP and UDP traffic was being filtered bidirectionally, not just rate-limited. I think my favorite incident so far of this was a host that returned an ICMP UNREACHABLE (with a "filtered" code) in response to an ECHO REQUEST to itself. Cheers, --Kameron _______________________________________________ NANOG mailing list NANOG () nanog org http://mailman.nanog.org/mailman/listinfo/nanog
Current thread:
- [NANOG] Limiting ICMP Drew Weaver (May 17)
- Re: [NANOG] Limiting ICMP Kameron Gasso (May 17)
- Re: [NANOG] Limiting ICMP John Kristoff (May 21)
- Re: [NANOG] Limiting ICMP Rob Thomas (May 21)
- Re: [NANOG] Limiting ICMP Sean Donelan (May 23)