Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Rate limiting UDP,Multicast,ICMP

  • From: Robert Beverly
  • Date: Tue Nov 13 13:15:16 2001

Rate limiting multicast packets would not have prevented state from
being instantiated, nor would it have prevented the MSDP SA flooding
that ensued from this worm.  Some vendors provide facilities to 
rate limit MSDP SA messages (actually rate limiting traffic to the 
MSDP port 639).

On Tue, Nov 13, 2001 at 06:37:41PM +0100, Niels Bakker wrote:
> I'm sure that the operators of the networks that were massively hindered
> when some worms started scanning random hosts in 224/4 (that's what you
> get if you don't understand IP and just use a random number generator to
> get something resembling an IP address) were rate-limiting packets to
> multicast addresses pretty quickly.  All those new sessions (one UDP
> packet to a multicast address) created state in lots of routers
> throughout their networks.  Dropping TCP to 224/4 of course also helps
> in this particular case.
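
The following is a constructed model of the argument in this message, added here as an illustration and not part of the original post or thread: a packet rate limit on traffic to 224/4 shrinks the amount of state and the number of SA messages, but every packet that still passes to a new group creates both, while a separate cap on SA messages bounds only the flooding. The 210-second state lifetime, the one-SA-per-new-source behaviour, the source address and all function and parameter names are assumptions of the model.

```python
import random

def simulate(seconds, scan_pps, pkt_limit_pps=None, sa_limit_pps=None,
             state_ttl=210, seed=1):
    """Constructed model: one infected host sends scan_pps UDP packets per
    second to random addresses in 224/4. Every forwarded packet to a new
    group creates (S,G) state lasting state_ttl seconds (assumed value) and
    makes the RP originate one MSDP SA toward its peers (simplification)."""
    rng = random.Random(seed)
    source = "192.0.2.10"              # documentation address, constructed
    state = {}                         # (source, group) -> expiry second
    created = peak = sa_sent = 0
    for now in range(seconds):
        # Age out entries whose lifetime has ended.
        state = {k: exp for k, exp in state.items() if exp > now}
        # Data-plane limit: at most pkt_limit_pps packets to 224/4 pass.
        passed = scan_pps if pkt_limit_pps is None else min(scan_pps, pkt_limit_pps)
        new_this_second = 0
        for _ in range(passed):
            group = rng.randrange(0xE0000000, 0xF0000000)   # 224.0.0.0/4
            if (source, group) not in state:
                new_this_second += 1
            state[(source, group)] = now + state_ttl
        created += new_this_second
        peak = max(peak, len(state))
        # Separate control: cap on SA messages flooded to MSDP peers.
        if sa_limit_pps is None:
            sa_sent += new_this_second
        else:
            sa_sent += min(new_this_second, sa_limit_pps)
    return {"state_created": created, "peak_state": peak, "sa_flooded": sa_sent}

if __name__ == "__main__":
    for label, kwargs in [
        ("no limits", {}),
        ("packet limit 10 pps", {"pkt_limit_pps": 10}),
        ("packet limit 10 pps + SA limit 2/s",
         {"pkt_limit_pps": 10, "sa_limit_pps": 2}),
    ]:
        print(label, simulate(300, 200, **kwargs))
```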



