[11895] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Alex \"Mr. Worf\" Yuriev)
Thu Aug 21 21:48:02 1997
Date: Thu, 21 Aug 1997 21:39:44 -0400 (EDT)
From: "Alex \"Mr. Worf\" Yuriev" <alex@netaxs.com>
To: Jon Lewis <jlewis@inorganic5.fdt.net>
cc: "Peter E. Giza" <giza@adsmart.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.3.95.970821212110.600t-100000@inorganic5.fdt.net>
> Short of fixing every network on the internet, does anyone have any useful
> advice for what to do when smurfed? This happened to an FDT customer last
> night, and it had our T1 (according to uunet) at about 500% capacity.
> Obviously, until the attack stopped, our T1 wasn't too useful. I'm about
> >< close to just asking uunet to block all icmp echo replies from coming
> into FDT...but I know customers will complain.
Then they will start blasting UDP at you. Trust me, T1 is not that bad. We
periodically have DS-3s eaten up completely but it happens for such a
short time that it cannot really be traced :(
Alex
