|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Network Operators and smurf
Craig, I am currently looking into the feature set for this release, as I have to support SMDS, HSRP, Frame, ATM, and VIP2-50 boards. Hopefully this will work. Have you heard of any success/failure stories using dCEF on 75xx against these attacks. If so, I'd be interested to hear of them. PS I have your paper on my corkboard - very nice. Just rantin' and ravin'. Chris >-----Original Message----- >From: Craig A. Huegen [SMTP:[email protected]] >Sent: Sunday, April 26, 1998 3:44 AM >To: Martin, Christian >Cc: '[email protected]' >Subject: RE: Network Operators and smurf > >On Sun, 26 Apr 1998, Martin, Christian wrote: > >==>network. We are connected upstream at 45Mbps. As the attack >==>intensified, router CPU Utilization jumped to 99%, and the input queue >==>on our inbound HSSI was at 75/75. We started dropping packets at a rate >==>of about 7000/sec. The attacks were coming in from all over the world. > >Have you read the smurf document found at >http://www.quadrunner.com/~chuegen/smurf.txt? > >I'd be interested to know what version of code you were running. > >I've seen a provider drop over 120 Mbps of smurf traffic in access-lists >for over an hour and the routers weren't affected one bit. > >IOS CA & CC code 11.1(13.5) and later have a fix to the code which handles >access-list drops--called "fast drop"--which fixes some inefficiencies in >packet handling. > >***READ*** the document at the URL above. It's amazing how much that URL >has been advertised, through all the advisories, through the NOCs, etc., >but with the ongoing thread over the last few weeks it almost appears that >a lot of people either haven't heard about it or haven't read it. > >Of course, it's been put into mail messages 9 times on NANOG already: >[email protected]:3:~>grep "quadrunner.com" mail/nanog | grep "smurf" | wc -l > 9 > >/cah >
|