[104552] in North American Network Operators' Group
Re: [NANOG] Limiting ICMP
daemon@ATHENA.MIT.EDU (Kameron Gasso)
Sun May 18 01:15:27 2008
Date: Sat, 17 May 2008 22:12:52 -0700
From: Kameron Gasso <kgasso-lists@visp.net>
To: Drew Weaver <drew.weaver@thenap.com>
In-Reply-To: <B7152C470C9BF3448ED33F16A75D81C14D32DCF7AC@exchanga.thenap.com>
Cc: "Nanog@merit.edu" <Nanog@merit.edu>
Reply-To: kgasso@visp.net
Errors-To: nanog-bounces@nanog.org
Drew Weaver wrote:
> (do people still DDoS with ICMP these days? I see a lot of what looks like udp.pl and hardly any ICMP attack traffic anymore)
We saw a small attempted attack using ICMP a few weeks ago, but as
you've mentioned I've mostly been seeing UDP floods (and the occasional
TCP SYNflood still).
I do feel the need to comment that more and more lately I've been
running into extremely frustrating situations where useful ICMP and UDP
traffic was being filtered bidirectionally, not just rate-limited. I
think my favorite incident so far of this was a host that returned an
ICMP UNREACHABLE (with a "filtered" code) in response to an ECHO REQUEST
to itself.
Cheers,
--Kameron
_______________________________________________
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog
