It is reasonably well acknowledge that ratelimiting ICMP on *ingress* to your network can be a good thing to do, if you have available resources to do it.
How about players rate-limiting ICMP on *egress* of the network over public exchange points. I have been on the wrong end of several smurfs over 100Mb/s over MAE-East & West, as, I'm sure have others. Whenever anyone is smurfed like this, I presume their port blocks, and anyone sending them data has head of line blocking. Which means, in effect, anyone peering with anyone who is being (sufficiently smurfed) will experience packet loss to *other* peers.
DOesn't work. Cisco decided that wasn't the best application for it so egress is MONUMENTALLY innefficient and cpu intensive. (bye, bye little router) ---------------------------------------------------------------------- Wayne Bouchard [Immagine Your ] web@typo.org [Company Name Here] Network Engineer ----------------------------------------------------------------------