7 Sep
1997
7 Sep
'97
3:24 p.m.
At 02:40 PM 9/5/97 -0700, Steve Noble wrote:
If you are going to filter, you can just filter ICMP for now, thats the major protocol used in the attack, that way you are only slightly affecting those who might have a .255 address on one of their machines.
We instead limit the rate of ICMP to 30kb/sec over our T1 line, thereby allowing ICMP to work, but yet limiting the damage an ICMP storm can cause. We use a box called Bandwiz that does the QoS (been discussed here before in the past). -Hank