smurf's attack..i

• Previous message (by thread): smurf's attack..i
• Next message (by thread): smurf's attack...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 02:40 PM 9/5/97 -0700, Steve Noble wrote:
>If you are going to filter, you can just filter ICMP for now, thats the
>major protocol used in the attack, that way you are only slightly
>affecting those who might have a .255 address on one of their machines.

We instead limit the rate of ICMP to 30kb/sec over our T1 line, thereby
allowing ICMP to work, but yet limiting the damage an ICMP storm can cause.
We use a box called Bandwiz that does the QoS (been discussed here before in
the past).

-Hank

• Previous message (by thread): smurf's attack..i
• Next message (by thread): smurf's attack...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]