smurf's attack..i

Hank Nussbacher hank at
Sun Sep 7 19:24:37 UTC 1997

At 02:40 PM 9/5/97 -0700, Steve Noble wrote:
>If you are going to filter, you can just filter ICMP for now, thats the
>major protocol used in the attack, that way you are only slightly
>affecting those who might have a .255 address on one of their machines.

We instead limit the rate of ICMP to 30kb/sec over our T1 line, thereby
allowing ICMP to work, but yet limiting the damage an ICMP storm can cause.
We use a box called Bandwiz that does the QoS (been discussed here before in
the past).


More information about the NANOG mailing list