On Thu, 2003-08-28 at 17:37, Steve Carter wrote:
> I speak for Global Crossing when I say that ICMP rate limiting has existed on the Global Crossing network, inbound from peers, for a long time ... we learned our lesson from the Yahoo DDoS attack (when they were one of our customers) back in the day and it was shortly thereafter that we implemented the rate limiters.
>
> Over the past 24 hours we've performed some experimentation that shows outbound rate limiters being also of value and we're looking at the specifics of differentiating between happy ICMP and naughty 92 byte packet ICMP and treating the latter with very strict rules ... like we would dump it on the floor. This, I believe, will stomp on the bad traffic but allow the happy traffic to pass unmolested.

I think I can safely say that GBLX is beyond "looking at the specifics" of dropping 92-byte ICMP's, and are in fact doing it. And have not really bothered telling their customers about it either.

We happen to use GBLX as one of our upstreams, and have a GigE pipe towards them. Since MS in their infinite wisdom seem to use 92-byte ICMP Echos in the Windows tracert.exe without having any option to use another protocol and/or packetsize, this certainly has generated several calls to OUR support desk today, by customers of ours claiming "your routing is broken, traceroutes aren't getting anywhere!".

Although I obviously understand the reasons, it WOULD be nice if a supplier would at least take the trouble to inform us when they start applying filters to customer traffic, so our helpdesk would be prepared to answer questions about it. We are not a peer, but a paying customer after all.

Oh, and it is not rate-limiting causing this, it is most definitely 92-byte filters. "traceroute -P icmp www.gblx.net 92" from a decent OS will drop, any other packetsize works like a charm.

/leg