[66636] in North American Network Operators' Group


Re: New IPv4 Allocation to ARIN

daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Sun Jan 18 10:51:44 2004

Date: Sun, 18 Jan 2004 10:50:59 -0500 (EST)
From: jlewis@lewis.org
To: Petri Helenius <pete@he.iki.fi>
Cc: nanog@merit.edu
In-Reply-To: <400A841A.8020406@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 18 Jan 2004, Petri Helenius wrote:

> >It's those dang Nachi-sized ICMP echo/echo-replies.  We block those at all 
> >our transit points and dial-up ports.  Nachi was killing our cisco 
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >access-servers until we did this to stop the spread.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> I know what they are and how to get around them. I just look down on people
> dropping my packets in their backbones without reason.

I wasn't joking or kidding about the above.  Many others who run dialup 
services saw similar problems (both with Cisco and other vendors' gear).  
Blocking these size/type packets, as per suggestions from Cisco's web site 
was the easiest way to keep our network up, and prevent additional 
infections both into and out from our customers.

Have others who implemented them dropped their echo/echo-reply 92-byte 
filters?

If tracert defaulted to udp like just about every "unix" traceroute or 
allowed you to vary the packet size or protocol, this wouldn't be as much 
of an issue.
  
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
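
The size/type match discussed in this message, sketched as an added example that is not part of the original post and is not Cisco's or the author's configuration: it classifies constructed IPv4 packets the way a "92-byte ICMP echo/echo-reply" drop rule would. Assumptions: "92-byte" is taken as the IP total length (20-byte header + 8-byte ICMP header + 64-byte payload), and all packets, addresses (documentation ranges) and ports are constructed samples.

```python
import struct

PROTO_ICMP, PROTO_UDP = 1, 17
ICMP_ECHO_REPLY, ICMP_ECHO, ICMP_TIME_EXCEEDED = 0, 8, 11
FILTER_LEN = 92  # assumption: "92-byte" = IP total length (20 + 8 + 64)


def ipv4(proto, l4):
    """Constructed sample: minimal IPv4 header (checksum left 0) around l4."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                      0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + l4


def icmp(icmp_type, payload_len):
    """Constructed sample: 8-byte ICMP header followed by a zero payload."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + bytes(payload_len)


def matches_filter(pkt):
    """True if pkt is an ICMP echo/echo-reply whose IP total length is 92."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or len(pkt) <= ihl or pkt[9] != PROTO_ICMP or frag_off:
        return False  # malformed, not ICMP, or a later fragment (no ICMP header)
    return total_len == FILTER_LEN and pkt[ihl] in (ICMP_ECHO, ICMP_ECHO_REPLY)


def classify_samples():
    """Run the match over constructed packets; returns {description: dropped?}."""
    udp_probe = struct.pack("!HHHH", 40000, 33434, 72, 0) + bytes(64)
    samples = {
        "icmp echo, 64-byte payload (92 total)": ipv4(PROTO_ICMP, icmp(ICMP_ECHO, 64)),
        "icmp echo-reply, 64-byte payload": ipv4(PROTO_ICMP, icmp(ICMP_ECHO_REPLY, 64)),
        "icmp echo, 56-byte payload (84 total)": ipv4(PROTO_ICMP, icmp(ICMP_ECHO, 56)),
        "icmp time-exceeded, 92 total": ipv4(PROTO_ICMP, icmp(ICMP_TIME_EXCEEDED, 64)),
        "udp probe, 92 total": ipv4(PROTO_UDP, udp_probe),
    }
    return {name: matches_filter(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, dropped in classify_samples().items():
        print(f"{'DROP' if dropped else 'pass'}  {name}")
```

The rule keys only on protocol, ICMP type and length, so any echo or echo-reply of that size is dropped regardless of sender, while a UDP probe or a different-sized ping passes.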

