[14462] in North American Network Operators' Group
Re: ip directed-broadcast
daemon@ATHENA.MIT.EDU (Eric Wieling)
Wed Dec 31 10:50:40 1997
Date: Mon, 29 Dec 1997 13:14:39 -0600
From: Eric Wieling <eric@ccti.net>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.3.95.971229123207.27401b-100000@inorganic5.fdt.net>; from Jon Lewis on Mon, Dec 29, 1997 at 12:42:50PM -0500
On Mon, Dec 29, 1997 at 12:42:50PM -0500, Jon Lewis wrote:
>
> > 2.) they will no longer filter icmp echo reply for me, even though
> > they understand that my link is now useless without that.
> > They do not have cpu cycles to spare for this purpose.
>
> Somewhat understandable...but perhaps they should have designed their
> network a little better and not overloaded their routers to point that one
> or few line filters push the CPU over the edge....Strike 2.
>
> > 3.) they do not see this type of attack very often and don't
> > consider it much of a problem.
>
> Sure...it causes them very little trouble. Odds are good their NOC gets
> smurfed very rarely. Strike 3.
We have a T-1 to Sprint, served out of their Ft. Worth POP. If I
down the T on our end, does anyone know if the Sprint (or MCI, or
UUNET, etc) router will send back ICMP host/network unreachable
messages?
I ask because if the core routers DO send back ICMP host/network
unreachables and a customer that is being smurfed turns down their T,
I'd imagine that the core router would generate a heck of a lot of
traffic. It might be enough to catch someone's attention.
-- Eric, who does not have a lot of patience with companies that don't
seem to care about smurfing.
--
Eric Wieling (eric@ccti.net), Corporate Communications Technology
Sales: 504-585-7303 (sales@ccti.net), Support: 504-525-5449 (support@ccti.net)
Paranoia: It's not just for breakfast anymore.
