[15873] in North American Network Operators' Group
Re: Access Lists
daemon@ATHENA.MIT.EDU (Dan Boehlke)
Thu Mar 26 01:44:54 1998
Date: Thu, 26 Mar 1998 00:35:55 -0600 (CST)
From: Dan Boehlke <dboehlke@mr.net>
To: "Martin, Christian" <CMartin@mercury.balink.com>
cc: "'NANOG'" <nanog@merit.edu>
In-Reply-To: <c=US%a=_%p=BAIS%l=MERCURY-980325234928Z-1732@mercury.balink.com>
You could just withdraw your BGP announcement for the net being attacked
and suddenly the attack packets will die at the first router without a
default route on their way to the victim.
On Wed, 25 Mar 1998, Martin, Christian wrote:
> Hello All,
>
> I have a customer who is being ping-flooded. His bandwidth is being
> sucked up due to these floods, and wishes me to block them on my router.
> I am somewhat reluctant to do this, since it goes against our policy;
> however, the customer has been very patient with us on this issue and
> his patience is running out.
>
> I would be implementing on a Cisco 7507, with 3 T-3s to the Internet,
> and the customer hangs off the router on a T-1. What is the general
> consensus on providing such a service, particularly in terms of
> processing overhead and manageability. Is there another way to prevent
> this type of attack, aside from watching packets go by and trying to
> trace it back through the source. The source IPs are spoofed.
>
> Thanks!
> Christian Martin
>
--
Dan Boehlke, Senior Network Engineer M R N e t
Internet: dboehlke@mr.net A MEANS Telcom Company
Phone: 612-362-5814 2829 SE University Ave. Suite 200
WWW: http://www.mr.net/~dboehlke/ Minneapolis, MN 55414
