On Mon, Dec 29, 1997 at 12:42:50PM -0500, Jon Lewis wrote:
2.) they will no longer filter icmp echo reply for me, even though they understand that my link is now useless without that. They do not have cpu cycles to spare for this purpose.
Somewhat understandable...but perhaps they should have designed their network a little better and not overloaded their routers to point that one or few line filters push the CPU over the edge....Strike 2.
3.) they do not see this type of attack very often and don't consider it much of a problem.
Sure...it causes them very little trouble. Odds are good their NOC gets smurfed very rarely. Strike 3.
We have a T-1 to Sprint, served out of their Ft. Worth POP. If I down the T on our end, does anyone know if the Sprint (or MCI, or UUNET, etc) router will send back ICMP host/network unreachable messages? I ask because if the core routers DO send back ICMP host/network unreachables and a customer that is being smurfed turns down their T, I'd imagine that the core router would generate a heck of a lot of traffic. It might be enough to catch someone's attention. -- Eric, who does not have a lot of patience with companies that don't seem to care about smurfing. -- Eric Wieling (eric@ccti.net), Corporate Communications Technology Sales: 504-585-7303 (sales@ccti.net), Support: 504-525-5449 (support@ccti.net) Paranoia: It's not just for breakfast anymore.