|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ICANN Targets DDoS Attacks
On Tue, 29 Oct 2002 12:48:39 PST, Jeff Shultz said: > >Smurf. > Okay. What will this do to my user's ping and traceroute times, if > anything? I've got users who tend to panic if their latency hits 250ms > between here and the moon (slight exaggeration, but only slight). > > I just love it when I've got people blaming me because the 20th hop on > a traceroute starts returning * * * instead of times. So you rate limit it to several/second or something appropriate for the normal traffic levels. You don't allow ping/traceroute to broadcast addresses. If you have users with that critical a latency requirement, you should ALREADY be doing traffic shaping and rate limiting to help ensure it. You might want to check if your site is listed in any of the usual Smurf-amp databases, and clean things up if you are - being used as a Smurf amp will shoot your latency all to hell.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech Attachment:
pgp00031.pgp
|