|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISP's who filter ICMP during DoS?
On Thu, 28 Jun 2001, ASV wrote: > > Does anyone have a list of which ISPs are willing to filter ICMP packets > for you when your network is being (D)DoS'd, and which prefer to simply > blackhole / disconnect you, and which will do absolutely nothing?? IMHO the best protection you can get from ICMP flooding is a permanent rate-limit on your upstream router to something between 1-5 % of the line capacity - You won't feel it unless you have a DoS attack and then it kicks automagically NOTE: depending on your "normal" traffic you want to rate limit UDP to something between say 20-50 % of line capacity - Rafi > > I'm finding it hard to gather this information and it occured to me that > this is an obvious factor when choosing an ISP! > > Thanks, > > > >
|