[12912] in North American Network Operators' Group
Re: Getting PING bombed...
daemon@ATHENA.MIT.EDU (Craig A. Huegen)
Sat Oct 18 16:08:30 1997
Date: Sat, 18 Oct 1997 12:56:23 -0700 (PDT)
From: "Craig A. Huegen" <chuegen@quadrunner.com>
To: Jared Mauch <jared@puck.nether.net>
cc: jamie@intuition.iagnet.net, dougd@airmail.net, nanog@merit.edu,
security@uu.net, help@uu.net, noc@airmail.net
In-Reply-To: <199710181648.MAA32164@puck.nether.net>
On Sat, 18 Oct 1997, Jared Mauch wrote:
==> The warning of doing this is be sure you're running code that
==>doesn't generate icmp administrativeley prohibited messages for each packet
==>denied, else that will melt down your router cpu
For a Cisco, the only release this "fast drop" code is currently in is
11.1CA, release 11.1(13.5)CA and later. It is currently not in 11.2, but
is being worked on.
See http://www.quadrunner.com/~chuegen/smurf.txt for more information
regarding filtering/tracing capabilities (and information about "smurf"
attacks).
/cah
