[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[NANOG] Limiting ICMP

Subject: [NANOG] Limiting ICMP
From: kgasso-lists at visp.net (Kameron Gasso)
Date: Sat, 17 May 2008 22:12:52 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

Drew Weaver wrote:
> (do people still DDoS with ICMP these days? I see a lot of what looks like udp.pl and hardly any ICMP attack traffic anymore)

We saw a small attempted attack using ICMP a few weeks ago, but as 
you've mentioned I've mostly been seeing UDP floods (and the occasional 
TCP SYNflood still).

I do feel the need to comment that more and more lately I've been 
running into extremely frustrating situations where useful ICMP and UDP 
traffic was being filtered bidirectionally, not just rate-limited.  I 
think my favorite incident so far of this was a host that returned an 
ICMP UNREACHABLE (with a "filtered" code) in response to an ECHO REQUEST 
to itself.

Cheers,

--Kameron

References:
- [NANOG] Limiting ICMP
  - From: drew.weaver at thenap.com (Drew Weaver)

Prev by Date: [NANOG] Limiting ICMP
Next by Date: [NANOG] Routing table for BGP
Previous by thread: [NANOG] Limiting ICMP
Next by thread: [NANOG] Limiting ICMP
Index(es):
- Date
- Thread