Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)

  • From: Gordon
  • Date: Thu Aug 28 09:51:14 2003


Of the DDOS attacks I have had to deal with in the past year I have seen
none which were icmp based.
As attacks evolve and transform are we really to believe that rate limiting
icmp will have some value in the attacks of tomorrow?
-Gordon

>
> On Wed, 27 Aug 2003, jlewis@lewis.org wrote:
>
> > We have a similarly sized connection to MFN/AboveNet, which I won't
> > recommend at this time due to some very questionable null routing
they're
> > doing (propogating routes to destinations, then bitbucketing traffic
sent
> > to them) which is causing complaints from some of our customers and
> > forcing us to make routing adjustments as the customers notice
> > MFN/AboveNet has broken our connectivity to these destinations.
>
> We've noticed that one of our upstreams (Global Crossing) has introduced
> ICMP rate limiting 4/5 days ago.  This means that any traceroutes/pings
> through them look awful (up to 60% apparent packet loss).  After
> contacting their NOC, they said that the directive to install the ICMP
> rate limiting was from the Homeland Security folks and that they would not
> remove them or change the rate at which they limit in the foreseeable
> future.
>
> What are other transit providers doing about this or is it just GLBX?
>
> Cheers,
>
> Rich
>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.