Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)

  • From: Christopher L. Morrow
  • Date: Thu Aug 28 11:10:26 2003


On Thu, 28 Aug 2003, Gordon wrote:

>
>
> Of the DDOS attacks I have had to deal with in the past year I have seen
> none which were icmp based.
> As attacks evolve and transform are we really to believe that rate limiting
> icmp will have some value in the attacks of tomorrow?

The folks doing the attacking aren't 100% stupid... If their tcp flooder
fails they will attempt udp then icmp or some other serial list of
flooding tools. A large number of the 'bot' programs today have multiple
flooding tools on them, so attempt proto X, if !success then attempt proto
Y and so on :(

Rate-limiting ICMP is 'ok' if you, as the provider, think it's worthwhile
and you, as the provider, want to deal with the headache phone calls...
It might not stop everything, but in reality nothing really can :( If
someone really wants your site/system/server off the network it's as good
as gone.

-Chris



