* Fredy Kuenzler <[EMAIL PROTECTED]>:
> We seem to experience quite a bit of ICMP DoS attacks. They come along in 
> waves, which makes some devices within our backbone stumble and lose 
> packets.

DoS, or the well-known Nachi worm? (Nachi uses 92-byte packets
exclusively, so it should be easy to sort that out.)
 
> As ICMP should generally not be blocked, I'm thinking about rate 
> limiting it on core routers. Any hints, links, suggestions?

There was a discussion about this topic just one or two weeks ago
on the NANOG lists.

I do consider rate limiting a very bad idea, because it produces
non-predictable behaviour. Sometimes ICMP works, sometimes it
doesn't.

Just think about all those poor people that have ADSL, and those
goddamn PMTUD problems (which can be worked around, but still).

Filtering bogons and proper abuse reports should be the way to go to
fight DoS attacks.

-- 
Today is the first day of the rest of our lives.
http://www.suug.ch
----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/
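
Added example, not part of the original message: one way to "sort out" the 92-byte traffic mentioned above from captured packets, so that it can be told apart from ordinary pings and from ICMP error messages. It assumes raw IPv4 packets as input and that the 92-byte packets are echo requests; the function names, the `min_targets` threshold and the sample traffic are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

NACHI_IP_LEN = 92        # packet size given in the post
ICMP_ECHO_REQUEST = 8    # assumption: the 92-byte packets are echo requests

def parse_icmp(packet: bytes):
    """Return (src, dst, ip_total_len, icmp_type), or None if not IPv4 ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = IPv4Address(packet[12:16]), IPv4Address(packet[16:20])
    return str(src), str(dst), total_len, packet[ihl]

def suspected_sources(packets, min_targets=3):
    """Map source -> distinct destinations pinged with 92-byte echo requests."""
    targets = defaultdict(set)
    for raw in packets:
        parsed = parse_icmp(raw)
        if parsed is None:
            continue
        src, dst, total_len, icmp_type = parsed
        if icmp_type == ICMP_ECHO_REQUEST and total_len == NACHI_IP_LEN:
            targets[src].add(dst)
    # Require fan-out so a one-off 92-byte ping is not reported.
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

def build(src, dst, icmp_type, payload_len):
    """Construct a sample IPv4+ICMP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, 1, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 0, 0) + bytes(payload_len)

# Constructed sample traffic (documentation address ranges).
SAMPLE = (
    [build("192.0.2.10", f"198.51.100.{i}", 8, 64) for i in range(1, 6)]    # 92-byte sweep
    + [build("192.0.2.20", f"198.51.100.{i}", 8, 56) for i in range(1, 6)]  # 84-byte pings
    + [build("192.0.2.30", "198.51.100.9", 8, 64)]                          # one-off 92-byte ping
    + [build("192.0.2.40", f"198.51.100.{i}", 3, 64) for i in range(1, 6)]  # 92-byte ICMP errors
)

if __name__ == "__main__":
    print(suspected_sources(SAMPLE))
```

Only the source sweeping several destinations with 92-byte echo requests is reported; ICMP error messages of the same size, such as those PMTUD depends on, are left alone.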
