Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICANN Targets DDoS Attacks

  • From: Jared Mauch
  • Date: Tue Oct 29 16:15:54 2002

On Tue, Oct 29, 2002 at 01:03:52PM -0800, Jeff Shultz wrote:
> >> On 10/29/2002 at 3:40 PM Valdis.Kletnieks@vt.edu wrote:
> >> >On Tue, 29 Oct 2002 22:25:44 +0200, Petri Helenius <pete@he.iki.fi>
> >> said:
> >> >
> >> >> Why would you like to regulate my ability to transmit and receive
> >> data
> >> >> using ECHO and ECHO_REPLY packets? Why they are considered
> >> >> harmful?
> >> >
> >> >Smurf.
> >> >
> >> 
> >> Okay. What will this do to my user's ping and traceroute times, if
> >> anything? I've got users who tend to panic if their latency hits
> 250ms
> >> between here and the moon (slight exaggeration, but only slight). 
> >> 
> >> I just love it when I've got people blaming me because the 20th hop
> on
> >> a traceroute starts returning  * * * instead of times. 
> >
> >	that's icmp ttl expired messages.
> 
> I know that, and I try to explain it to my customers... but it doesn't
> answer the first part of the question - what will throttling ICMP do to
> ping and traceroute times? My gut reaction is that it will a. slow them

	ICMP?

	Or only icmp echo and icmp echo-reply messages?

	In a well behaved router, nothing.  Obviously if you have
a 7500 or older GSR linecards that are incapable of doing this due to
design problems from day one in pps rates and feature path, there
may be a hit.

	I'm not saying rate-limit anything other than echo+reply.

> down and/or b. discard a lot of them making the circuit look unreliable
> to ping. But I don't know enough about the underlying technology to be
> sure of that. 

	Once again, i'd like to see (other than a performance
checking customer) generate more than 2Mb/s of icmp.echo and icmp.echo-reply
packets that are legit and not part of a DoS.  This is quite rare.

	Do your own stats and test your hardware.

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.