smurf

Adrian Chadd adrian at ourworld.net
Mon Dec 8 16:43:23 UTC 1997


On Fri, 5 Dec 1997, Wayne Bouchard wrote:

[snip]

> threaten the most disruption of internet services. With ISDN and
> DSL, users have the bandwidth necessary to generate even more
> dangerous levels of traffic. If you don't think this issue affects
> you, it does. If you're not a target, your probably being used
> as a source.

I agree totally.
A couple of problems:

* Filtering ALL ICMP is pretty silly, ICMP is there for more than just
  pings, and some of it is important.
* If people start doing this, someone with a smidgen of time on their
  hands will write a ping flooder that uses random TCP or UDP packets
  with spoofed from addresses.

I'm curious however - can anyone out there running netflow or something
similar give me a breakdown on what kind of ICMP traffic they're seeing?

Adrian





More information about the NANOG mailing list