North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)
Of the DDOS attacks I have had to deal with in the past year I have seen none which were icmp based. As attacks evolve and transform are we really to believe that rate limiting icmp will have some value in the attacks of tomorrow? -Gordon > > On Wed, 27 Aug 2003, [email protected] wrote: > > > We have a similarly sized connection to MFN/AboveNet, which I won't > > recommend at this time due to some very questionable null routing they're > > doing (propogating routes to destinations, then bitbucketing traffic sent > > to them) which is causing complaints from some of our customers and > > forcing us to make routing adjustments as the customers notice > > MFN/AboveNet has broken our connectivity to these destinations. > > We've noticed that one of our upstreams (Global Crossing) has introduced > ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings > through them look awful (up to 60% apparent packet loss). After > contacting their NOC, they said that the directive to install the ICMP > rate limiting was from the Homeland Security folks and that they would not > remove them or change the rate at which they limit in the foreseeable > future. > > What are other transit providers doing about this or is it just GLBX? > > Cheers, > > Rich >
|