North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: smurf's attack..i

  • From: Hank Nussbacher
  • Date: Sun Sep 07 03:00:58 1997

At 02:40 PM 9/5/97 -0700, Steve Noble wrote:
>If you are going to filter, you can just filter ICMP for now, thats the
>major protocol used in the attack, that way you are only slightly
>affecting those who might have a .255 address on one of their machines.

We instead limit the rate of ICMP to 30kb/sec over our T1 line, thereby
allowing ICMP to work, but yet limiting the damage an ICMP storm can cause.
We use a box called Bandwiz that does the QoS (been discussed here before in
the past).