[ale] flooding problem - a admin perspective
Russell Enderby
russell.enderby at arris-i.com
Tue Dec 21 09:24:55 EST 1999
Background: You are an admin for an ISP who still runs shell services (ie-
eggdrops, etc). One of the eggrdrops peves off somone on the IRC network
and decides to take serious revenge on that user's eggdrop by ping flooding
the box.
The ping flood they decide is problematic, they run mutiple attacks from
multiple providers through china so backtracing is very difficult if not
impossible with the source ip being spoofed.
You are running firewalls rules with ipfwadm to block icmp messages but it
takes down your upstream providers pipe to you since they have there
bandwidth at 80% capacity.
What would you do? Try to bandwidth limit flood attacks somehow without
hindering other communications somewhere upstream? Upstream providers WILL
NOT put ICMP filters inplace for you so bandwidth is still consumed if you
have firewalls in place.
Just dont deal with the hassle and tell your shell customers to take a hike
while just leaving the problem out there a real threat to anyones network
if they 'irritate' any joe blow on the internet?
This problem is a problem that is difficult to solve and anyones input on
this would be greatly appreciated.
Sincerely,
Russell Enderby
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list