[53063] in North American Network Operators' Group
Re: ICANN Targets DDoS Attacks
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Tue Oct 29 16:11:55 2002
Date: Tue, 29 Oct 2002 21:11:21 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Jeff Shultz <jeffshul@wvi.com>
Cc: nanog@nanog.org
In-Reply-To: <200210291303520281.38E1A2CF@gateway.wvi.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 29 Oct 2002, Jeff Shultz wrote:
>
>
>
> *********** REPLY SEPARATOR ***********
>
> On 10/29/2002 at 3:54 PM Jared Mauch wrote:
>
> >On Tue, Oct 29, 2002 at 12:48:39PM -0800, Jeff Shultz wrote:
> >>
> >>
> >>
> >> *********** REPLY SEPARATOR ***********
> >>
> >> On 10/29/2002 at 3:40 PM Valdis.Kletnieks@vt.edu wrote:
> >>
> >> >On Tue, 29 Oct 2002 22:25:44 +0200, Petri Helenius <pete@he.iki.fi>
> >> said:
> >> >
> >> >> Why would you like to regulate my ability to transmit and receive
> >> data
> >> >> using ECHO and ECHO_REPLY packets? Why they are considered
> >> >> harmful?
> >> >
> >> >Smurf.
> >> >
> >>
> >> Okay. What will this do to my user's ping and traceroute times, if
> >> anything? I've got users who tend to panic if their latency hits
> 250ms
> >> between here and the moon (slight exaggeration, but only slight).
> >>
> >> I just love it when I've got people blaming me because the 20th hop
> on
> >> a traceroute starts returning * * * instead of times.
> >
> > that's icmp ttl expired messages.
>
> I know that, and I try to explain it to my customers... but it doesn't
> answer the first part of the question - what will throttling ICMP do to
> ping and traceroute times? My gut reaction is that it will a. slow them
> down and/or b. discard a lot of them making the circuit look unreliable
> to ping. But I don't know enough about the underlying technology to be
> sure of that.
As they say, if you dont set the rate limit too low then you wont encounter
drops under normal operation.
Steve
