[ale] flooding problem - an admin perspective
Glenn C. Lasher Jr.
critter at wizvax.net
Wed Dec 22 07:34:14 EST 1999
Start asking your upstream provider for ICMP throttling or filtering. If
they won't provide it, find another upstream provider.
On Tue, 21 Dec 1999, Russell Enderby wrote:
>
> Background: You are an admin for an ISP who still runs shell services (i.e.,
> eggdrops, etc.). One of the eggdrops peeves off someone on the IRC network,
> who decides to take serious revenge on that user's eggdrop by ping flooding
> the box.
>
> The ping flood they decide is problematic, they run multiple attacks from
> multiple providers through China so backtracing is very difficult if not
> impossible with the source IP being spoofed.
>
> You are running firewall rules with ipfwadm to block ICMP messages but it
> takes down your upstream provider's pipe to you since they have their
> bandwidth at 80% capacity.
>
> What would you do? Try to bandwidth limit flood attacks somehow without
> hindering other communications somewhere upstream? Upstream providers WILL
> NOT put ICMP filters in place for you so bandwidth is still consumed if you
> have firewalls in place.
>
> Just don't deal with the hassle and tell your shell customers to take a hike
> while just leaving the problem out there a real threat to anyone's network
> if they 'irritate' any joe blow on the Internet?
>
> This problem is a problem that is difficult to solve and anyone's input on
> this would be greatly appreciated.
>
> Sincerely,
> Russell Enderby
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
--
Critter at Wizvax.Net
Don't Steal - The government hates competition.
PGP key available at http://www.wizvax.net/critter/pgpkey.html.