ISP's who filter ICMP during DoS?

Pim van Riezen pi at vuurwerk.nl
Fri Jun 29 01:40:28 UTC 2001


On Thu, 28 Jun 2001, ASV wrote:

>
> Does anyone have a list of which ISPs are willing to filter ICMP packets
> for you when your network is being (D)DoS'd, and which prefer to simply
> blackhole / disconnect you, and which will do absolutely nothing??
>
> I'm finding it hard to gather this information and it occurred to me that
> this is an obvious factor when choosing an ISP!

There are two kinds of icmp. The kind you absolutely need and the kind you
don't. If you are running a service that is likely to get attention
(dunno, an irc server or not universally liked content), you will want to
filter the kind you don't absolutely need by default.

Not that this helps you in any way, DoS attacks rarely use icmp these
days. Lots of 'valid' packets is the keyword today. If you are being
hammered by tcp packets on port 80 of your webserver, there is very little
you can do but filter _real_ traffic. If it's a DDoS, being able to
distinguish real traffic from the DoS-attack is going to be a pain. You
will not find many providers who want to dig this deep at this point in
time. Best service you can get to keep the rest of your network from
falling down because of that one host is then to get it blackholed
upstream.

In the current atmosphere, the only real protection you can buy against
Denial-of-Service attacks is by distributing your service. If you are
distributed and they are distributed, the odds are better; you can
sacrifice a host under attack without losing service.

Hope that helps,
Pi
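
An added illustration of the needed / not-needed ICMP split described in the reply above (not part of the original post, and not the poster's list): a small Python classifier for raw IPv4 packets. Which ICMP types count as needed is this example's assumption, and `classify`, `build` and the sample addresses are constructed for it.

```python
import struct

# Assumed split (this example's choice, not a list from the post).
NEEDED = {3, 11, 12}   # dest unreachable (code 4 = frag needed, PMTUD), time exceeded, parameter problem
OPTIONAL = {0, 8}      # echo reply / echo request: diagnostics only


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify(packet: bytes) -> str:
    """Return 'not-icmp', 'drop', 'rate-limit' or 'accept' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return "not-icmp"                      # protocol 1 = ICMP
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    total_len, _, frag = struct.unpack_from("!HHH", packet, 2)
    if ihl < 20 or frag & 0x3FFF:              # MF set or offset != 0: type not reliably visible
        return "drop"
    icmp = packet[ihl:total_len]
    if len(icmp) < 8 or checksum(icmp) != 0:   # truncated or corrupted ICMP message
        return "drop"
    if icmp[0] in NEEDED:
        return "accept"
    return "rate-limit" if icmp[0] in OPTIONAL else "drop"


def build(icmp_type: int, code: int, payload: bytes = b"", frag: int = 0) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header + ICMP, documentation addresses."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + payload
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    # IP header checksum is left at 0; classify() does not verify it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + body


if __name__ == "__main__":
    for t, c in [(3, 4), (11, 0), (8, 0), (5, 1), (13, 0)]:
        print(f"type {t} code {c}: {classify(build(t, c))}")
```

The fragment check matters because a filter that matches on ICMP type can only see that field in an unfragmented packet or a first fragment.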




