North American Network Operators Group
Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
On Sun, Jan 16, 2000 at 08:06:21PM -0800, Randy Bush wrote:
>
> > Is this a good idea?
>
> seems to me that there's sufficient chance that it is a REALLY good idea,
> that folk should seriously try it.

ideas that good should have been implemented a long time ago.

OTOH, I am of the opinion that the real problem is neither ICMP nor IP directed broadcast. the real problem, as I see it, is spoofed-source packets. the others are scapegoat accomplices which are more easily corrected, and therefore more susceptible to brute-force corrective action.

there has been talk, and even a few implementations to correct the real problem, but it has not gotten the attention or corrective action that it deserves. perhaps this is because it is impractical to dial into every ISP's modem banks and determine if they allow spoofed-source packets for the purpose of creating the ever popular black-list of naughty network operators.

upon further pondering, I came up with this variation on a time-honored favorite:

the solution: cheap, easy, correct...pick 2.