Network Operators and smurf
Martin, Christian
CMartin at mercury.balink.com
Sun Apr 26 08:02:25 UTC 1998
Craig,
I am currently looking into the feature set for this release, as I have
to support SMDS, HSRP, Frame, ATM, and VIP2-50 boards. Hopefully this
will work. Have you heard of any success/failure stories using dCEF on
75xx against these attacks. If so, I'd be interested to hear of them.
PS
I have your paper on my corkboard - very nice.
Just rantin' and ravin'.
Chris
>-----Original Message-----
>From: Craig A. Huegen [SMTP:chuegen at quadrunner.com]
>Sent: Sunday, April 26, 1998 3:44 AM
>To: Martin, Christian
>Cc: 'nanog at merit.edu'
>Subject: RE: Network Operators and smurf
>
>On Sun, 26 Apr 1998, Martin, Christian wrote:
>
>==>network. We are connected upstream at 45Mbps. As the attack
>==>intensified, router CPU Utilization jumped to 99%, and the input queue
>==>on our inbound HSSI was at 75/75. We started dropping packets at a rate
>==>of about 7000/sec. The attacks were coming in from all over the world.
>
>Have you read the smurf document found at
>http://www.quadrunner.com/~chuegen/smurf.txt?
>
>I'd be interested to know what version of code you were running.
>
>I've seen a provider drop over 120 Mbps of smurf traffic in access-lists
>for over an hour and the routers weren't affected one bit.
>
>IOS CA & CC code 11.1(13.5) and later have a fix to the code which handles
>access-list drops--called "fast drop"--which fixes some inefficiencies in
>packet handling.
>
>***READ*** the document at the URL above. It's amazing how much that URL
>has been advertised, through all the advisories, through the NOCs, etc.,
>but with the ongoing thread over the last few weeks it almost appears that
>a lot of people either haven't heard about it or haven't read it.
>
>Of course, it's been put into mail messages 9 times on NANOG already:
>chuegen at quad:3:~>grep "quadrunner.com" mail/nanog | grep "smurf" | wc -l
> 9
>
>/cah
>
More information about the NANOG
mailing list