[39237] in North American Network Operators' Group

Re: ISP's who filter ICMP during DoS?

daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Fri Jun 29 07:32:14 2001

Date: Fri, 29 Jun 2001 14:31:13 +0300 (IDT)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
Reply-To: <nanog@merit.edu>
To: ASV <lists-nanog@silverwraith.com>
Cc: <nanog@merit.edu>
In-Reply-To: <20010628234930.H11512-100000@apple.silverwraith.com>
Message-ID: <Pine.GSO.4.31.0106291344310.6160-100000@meron.openu.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 28 Jun 2001, ASV wrote:

>
> Does anyone have a list of which ISPs are willing to filter ICMP packets
> for you when your network is being (D)DoS'd, and which prefer to simply
> blackhole / disconnect you, and which will do absolutely nothing??

 IMHO the best protection you can get from ICMP flooding is a permanent
rate-limit on your upstream router to something between 1-5 % of the line
capacity - You won't feel it unless you have a DoS attack and then it
kicks automagically


 NOTE: depending on your "normal" traffic you want to rate limit UDP
to something between say 20-50 % of line capacity


-	Rafi




>
> I'm finding it hard to gather this information and it occurred to me that
> this is an obvious factor when choosing an ISP!
>
> Thanks,
>
>
>
>
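
Added example, not part of the original post: a single-rate token-bucket policer simulated in Python, showing why a permanent ICMP limit of about 2% of line capacity leaves ordinary ping traffic untouched and clamps a flood. The policer model, the 45 Mbit/s link, the burst window and the packet rates are all assumptions constructed for illustration; the same policer_for() call with a fraction of 0.2 to 0.5 models the UDP limit mentioned in the note.

```python
from dataclasses import dataclass

@dataclass
class Policer:
    """Single-rate token bucket: conforming packets pass, the rest are dropped."""
    rate_bps: float       # committed rate, bits per second
    burst_bytes: int      # bucket depth, bytes
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)   # bucket starts full

    def allow(self, now: float, size_bytes: int) -> bool:
        # Refill for the time elapsed since the previous packet, capped at depth.
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return True
        return False

def policer_for(line_bps: float, fraction: float, burst_seconds: float = 0.25) -> Policer:
    """Policer at `fraction` of line capacity (assumed burst: 0.25 s at that rate)."""
    rate = line_bps * fraction
    return Policer(rate, int(rate / 8 * burst_seconds))

def offered_vs_passed(policer: Policer, pps: int, size_bytes: int, seconds: int):
    """Send a constant packet stream; return (offered_bps, passed_bps)."""
    n = int(pps * seconds)
    passed = sum(policer.allow(i / pps, size_bytes) for i in range(n))
    return n * size_bytes * 8 / seconds, passed * size_bytes * 8 / seconds

LINE_BPS = 45_000_000    # constructed: T3-class upstream link
ICMP_FRACTION = 0.02     # inside the 1-5 % range suggested in the post

def demo():
    # Constructed traffic: 84-byte echo packets, 50 pps normal vs 40,000 pps flood.
    normal = offered_vs_passed(policer_for(LINE_BPS, ICMP_FRACTION), 50, 84, 10)
    flood = offered_vs_passed(policer_for(LINE_BPS, ICMP_FRACTION), 40_000, 84, 10)
    return {"normal": normal, "flood": flood}

if __name__ == "__main__":
    for name, (offered, passed) in demo().items():
        print(f"{name:6s} offered {offered / 1e6:7.3f} Mbit/s  passed {passed / 1e6:7.3f} Mbit/s")
```

Everything above the limit is dropped whether it is attack traffic or not, so the chosen fraction has to sit above the link's normal ICMP (or UDP) level.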

