North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Smurf tone down

  • From: alex
  • Date: Sat May 01 02:17:41 1999


Hello,

To help quench the effects of smurf attacks on our network, we CEF-CAR all
ICMP on our egress points to about 200% of normal ICMP flows.

However, when a upstream becomes full of ICMP (even though we dump most of
it), it still affects our external connectivity.

My question is, why don't larger upstream providers use CEF-CAR (assuming
that most use this) do the same to limit the effect of smurf attacks on
thier (and subsequently, thier customers') networks?

The floor is open for flames.



-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
     Atheism is a non-prophet organization. I route, therefore I am.
       Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member
               Father of the Network and Head Bottle-Washer
     Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
 Don't choose a spineless ISP; we have more backbone!  http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --