On Fri, Dec 05, 1997 at 10:05:13PM -0700, Wayne Bouchard wrote:
Okay, so I'm now blocking 45 megs of icmp echo-reply packets at my borders.. At one point, this was 80,000 packets/sec. (No, I'm not exagerating.)
<SoapBox>
For anyone who has not, PLEASE DISABLE DIRECTED BROADCASTS! Tell a friend.. If you sell routers to clients and/or you configure them, include that in your default configuration. Encourage people to filter inbound ICMP where possible.. Do whatever it takes to work with your customer/peers to put a stop to this kind of abuse. Of all the attacks to date, this (and the recent land.c which is a different issue together) threaten the most disruption of internet services. With ISDN and DSL, users have the bandwidth necessary to generate even more dangerous levels of traffic. If you don't think this issue affects you, it does. If you're not a target, your probably being used as a source.
</SoapBox>
We thank you for your support..
---------------------------------------------------------------------- Wayne Bouchard GlobalCenter web@primenet.com Primenet Network Operations Internet Solutions for (602) 416-6422 800-373-2499 x6422 Growing Businesses FAX: (602) 416-9422 http://www.primenet.com http://www.globalcenter.net ----------------------------------------------------------------------
I suggest finding the source networks (MCI has published such a tool) and dropping their BGP sessions until they deal with the problem. There is one national network in particular that IMHO doesn't give a damn about this, and has turned their head the other way MULTIPLE times when we have attempted to track this down. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex support on ALL modems Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost