|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf's attack..i
At 02:40 PM 9/5/97 -0700, Steve Noble wrote: >If you are going to filter, you can just filter ICMP for now, thats the >major protocol used in the attack, that way you are only slightly >affecting those who might have a .255 address on one of their machines. We instead limit the rate of ICMP to 30kb/sec over our T1 line, thereby allowing ICMP to work, but yet limiting the damage an ICMP storm can cause. We use a box called Bandwiz that does the QoS (been discussed here before in the past). -Hank |