[NANOG] Limiting ICMP

Drew Weaver drew.weaver at thenap.com
Sat May 17 22:53:00 CDT 2008


     Hi there,

I'm wondering if anyone else has run into this/has heard of/(is responsible for)/knows the reason behind large IP providers limiting ICMP on outbound connections to the same amounts regardless of the size of the circuit?

        Apparently after one of our upstream providers switched to Juniper for some of their equipment  their engineers recommended that they limit ICMP on all customer facing connections to 5mbps.  I understand that preventing DDoS        is important but why A) would they apply the same rule to our OC-48 that they apply to someone else's T1/DS-3 and B) why is that a requirement for Juniper gear?

(do people still DDoS with ICMP these days? I see a lot of what looks like udp.pl and hardly any ICMP attack traffic anymore)

Sorry as usual if i'm off-topic.

-Drew




More information about the NANOG mailing list