Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Network Operators and smurf

  • From: Craig A. Huegen
  • Date: Sun Apr 26 04:14:20 1998

On Sun, 26 Apr 1998, Martin, Christian wrote:

==>network.  We are connected upstream at 45Mbps.  As the attack
==>intensified, router CPU Utilization jumped to 99%, and the input queue
==>on our inbound HSSI was at 75/75.  We started dropping packets at a rate
==>of about 7000/sec.  The attacks were coming in from all over the world.

Have you read the smurf document found at
http://www.quadrunner.com/~chuegen/smurf.txt?

I'd be interested to know what version of code you were running.

I've seen a provider drop over 120 Mbps of smurf traffic in access-lists
for over an hour and the routers weren't affected one bit. 

IOS CA & CC code 11.1(13.5) and later have a fix to the code which handles
access-list drops--called "fast drop"--which fixes some inefficiencies in
packet handling.

***READ*** the document at the URL above.  It's amazing how much that URL
has been advertised, through all the advisories, through the NOCs, etc.,
but with the ongoing thread over the last few weeks it almost appears that
a lot of people either haven't heard about it or haven't read it.

Of course, it's been put into mail messages 9 times on NANOG already:
chuegen@quad:3:~>grep "quadrunner.com" mail/nanog | grep "smurf" | wc -l
      9

/cah





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.