Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [nsp] known networks for broadcast ping attacks

  • From: Rick Watson
  • Date: Mon Aug 11 23:19:45 1997

Netstat Webmaster wrote:
> [some text omitted]
> The real problem I see with this particular attack is that there is 
> nothing short of blocking all ICMPs that 'victim.com' can do. At least 
> not that I am aware of.
> 
> Regards,
> Tripp
> 
> webmaster@http://www.netstat.net

This does not solve the entire problem. We have been the victim of
such an attack for the last several days. The attack is using up about
7 Mbits of our DS3 to Sprint or about 16%. Filtering out ICMP packets
at the router we control only prevents the target host from seeing the
ping replies, but does not recover the portion of our circuit occupied
by the ping replies, or of Sprint's backbone circuits, or of other
provider's circuits in the path, etc.

The filters need to be higher up the chain. EVERYONE needs to install
anti-spoof filters. 

I'd prefer not to be forced to filter out all pings. Everyone
filtering out ICMP packets means there is a 100% successful denial of
service attack on what is otherwise a very useful debugging tool
(ping). 

Rick Watson 
The University of Texas, ACITS Networking Services
 r.watson@utexas.edu




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.