Access Lists
Martin, Christian
CMartin at mercury.balink.com
Thu Mar 26 00:51:34 UTC 1998
That is what I am going to do. But with over 100 downstream customers,
and IOS 11.1 (sans named access lists) I don't want to start a
precedent.
Thanks!
On Wed, 25 Mar 1998, Jain Depak Wrote
Why not just filter all ping traffic to his T1 until the attack
subsides?
-Deepak.
On Wed, 25 Mar 1998, Martin, Christian wrote:
> Hello All,
>
> I have a customer who is being ping-flooded. His bandwidth is being
> sucked up due to these floods, and wishes me to block them on my router.
> I am somewhat reluctant to do this, since it goes against our policy;
> however, the customer has been very patient with us on this issue and
> his patience is running out.
>
> I would be implementing on a Cisco 7507, with 3 T-3s to the Internet,
> and the customer hangs off the router on a T-1. What is the general
> consensus on providing such a service, particularly in terms of
> processing overhead and manageability. Is there another way to prevent
> this type of attack, aside from watching packets go by and trying to
> trace it back through the source. The source IPs are spoofed.
>
> Thanks!
> Christian Martin
>
More information about the NANOG
mailing list