[44221] in North American Network Operators' Group
Re: Rate limiting UDP,Multicast,ICMP
daemon@ATHENA.MIT.EDU (Ian Cooper)
Tue Nov 13 12:55:16 2001
Date: Tue, 13 Nov 2001 09:54:03 -0800
From: Ian Cooper <ian@the-coopers.org>
To: Thomas Gainer <TGainer@e-xpedient.com>, nanog@merit.edu
Message-ID: <13654459.1005645240@[0.0.0.0]>
In-Reply-To: <E6F85CA58D2A834E99B1683C05BC7987025F95B5@mail.corp.com>

If you're limiting inbound for them then you might affect their ability to
view some streaming media.

--On Tuesday, November 13, 2001 12:42 -0500 Thomas Gainer
<TGainer@e-xpedient.com> wrote:
>
> A little more information. We sell 100Mb Ethernet pipes to the Internet.
> (Yes, there are a few of us left). A fair number of these customers are
> small businesses. Usually, they have servers but very little IT support
> and even less IT know-how. My thought is to rate limit UDP and ICMP at
> the customer port to no more than 3Mb/s so WHEN (not if) a customer is
> compromised, the effects are somewhat limited and my MAN pipes have some
> measure of protection. The question is, what am I not thinking of? DNS,
> TFTP and such should all operate virtually unaffected, as they are not
> bandwidth hungry services.
>
> Thomas
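
A small simulation of the proposal discussed in this thread, added here as an example and not written by either poster: one token-bucket policer on the customer port that applies the 3 Mb/s cap to UDP and ICMP only. The burst size, packet sizes and flow rates are constructed assumptions, chosen to represent light DNS traffic, a UDP media stream and a flood from a compromised host.

```python
from dataclasses import dataclass

RATE_BPS = 3_000_000      # 3 Mb/s cap proposed in the thread
BURST_BYTES = 37_500      # assumption: bucket depth of 100 ms at the cap
POLICED = {"udp", "icmp"}  # TCP is left unpoliced, as in the proposal


@dataclass
class Policer:
    """Single-rate token bucket; non-conforming packets are dropped."""
    tokens: float = BURST_BYTES
    last: float = 0.0

    def allow(self, now, proto, size):
        if proto not in POLICED:
            return True
        # Refill for the time elapsed since the last policed packet.
        refill = (now - self.last) * RATE_BPS / 8
        self.tokens = min(BURST_BYTES, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def flow(proto, size, mbps, seconds=5.0):
    """Constructed constant-bit-rate flow as (time, proto, bytes) tuples."""
    gap = size * 8 / (mbps * 1e6)
    return [(i * gap, proto, size) for i in range(int(seconds / gap))]


def delivered_fraction(packets):
    """Share of packets that pass a fresh policer."""
    policer = Policer()
    passed = sum(policer.allow(t, p, s) for t, p, s in sorted(packets))
    return passed / len(packets)


if __name__ == "__main__":
    scenarios = {
        "DNS-sized UDP, 0.05 Mb/s": flow("udp", 100, 0.05),
        "UDP media stream, 5 Mb/s": flow("udp", 1200, 5),
        "UDP flood, 90 Mb/s": flow("udp", 1400, 90),
        "TCP bulk transfer, 90 Mb/s": flow("tcp", 1400, 90),
    }
    for name, packets in scenarios.items():
        print(f"{name}: {delivered_fraction(packets):.1%} delivered")
```
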