Network Operators and smurf

Martin, Christian CMartin at
Sun Apr 26 08:02:25 UTC 1998


I am currently looking into the feature set for this release, as I have
to support SMDS, HSRP, Frame, ATM, and VIP2-50 boards.  Hopefully this
will work.  Have you heard of any success/failure stories using dCEF on
75xx against these attacks.  If so, I'd be interested to hear of them.


I have your paper on my corkboard - very nice.

Just rantin' and ravin'.

>-----Original Message-----
>From:	Craig A. Huegen [SMTP:chuegen at]
>Sent:	Sunday, April 26, 1998 3:44 AM
>To:	Martin, Christian
>Cc:	'nanog at'
>Subject:	RE: Network Operators and smurf
>On Sun, 26 Apr 1998, Martin, Christian wrote:
>==>network.  We are connected upstream at 45Mbps.  As the attack
>==>intensified, router CPU Utilization jumped to 99%, and the input queue
>==>on our inbound HSSI was at 75/75.  We started dropping packets at a rate
>==>of about 7000/sec.  The attacks were coming in from all over the world.
>Have you read the smurf document found at
>I'd be interested to know what version of code you were running.
>I've seen a provider drop over 120 Mbps of smurf traffic in access-lists
>for over an hour and the routers weren't affected one bit. 
>IOS CA & CC code 11.1(13.5) and later have a fix to the code which handles
>access-list drops--called "fast drop"--which fixes some inefficiencies in
>packet handling.
>***READ*** the document at the URL above.  It's amazing how much that URL
>has been advertised, through all the advisories, through the NOCs, etc.,
>but with the ongoing thread over the last few weeks it almost appears that
>a lot of people either haven't heard about it or haven't read it.
>Of course, it's been put into mail messages 9 times on NANOG already:
>chuegen at quad:3:~>grep "" mail/nanog | grep "smurf" | wc -l
>      9

More information about the NANOG mailing list