nanog mailing list archives

Re: ICANN Targets DDoS Attacks

From: Jared Mauch <jared () puck Nether net>
Date: Tue, 29 Oct 2002 16:11:49 -0500


On Tue, Oct 29, 2002 at 01:03:52PM -0800, Jeff Shultz wrote:

On 10/29/2002 at 3:40 PM Valdis.Kletnieks () vt edu wrote:

On Tue, 29 Oct 2002 22:25:44 +0200, Petri Helenius <pete () he iki fi>

said:

Why would you like to regulate my ability to transmit and receive

data

using ECHO and ECHO_REPLY packets? Why they are considered
harmful?


Smurf.


Okay. What will this do to my user's ping and traceroute times, if
anything? I've got users who tend to panic if their latency hits

250ms

between here and the moon (slight exaggeration, but only slight). 

I just love it when I've got people blaming me because the 20th hop

on

a traceroute starts returning  * * * instead of times.


    that's icmp ttl expired messages.


I know that, and I try to explain it to my customers... but it doesn't
answer the first part of the question - what will throttling ICMP do to
ping and traceroute times? My gut reaction is that it will a. slow them


        ICMP?

        Or only icmp echo and icmp echo-reply messages?

        In a well behaved router, nothing.  Obviously if you have
a 7500 or older GSR linecards that are incapable of doing this due to
design problems from day one in pps rates and feature path, there
may be a hit.

        I'm not saying rate-limit anything other than echo+reply.

down and/or b. discard a lot of them making the circuit look unreliable
to ping. But I don't know enough about the underlying technology to be
sure of that.


        Once again, i'd like to see (other than a performance
checking customer) generate more than 2Mb/s of icmp.echo and icmp.echo-reply
packets that are legit and not part of a DoS.  This is quite rare.

        Do your own stats and test your hardware.

        - jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

Current thread:

Re: ICANN Targets DDoS Attacks, (continued)
- - Re: ICANN Targets DDoS Attacks Stephen J. Wilcox (Oct 29)
  - Re: ICANN Targets DDoS Attacks Valdis . Kletnieks (Oct 29)
- RE: ICANN Targets DDoS Attacks H. Michael Smith, Jr. (Oct 29)
  - RE: ICANN Targets DDoS Attacks fingers (Oct 29)
  - Re: ICANN Targets DDoS Attacks Petri Helenius (Oct 29)
    - Re: ICANN Targets DDoS Attacks Valdis . Kletnieks (Oct 29)
    - Re: ICANN Targets DDoS Attacks Jeff Shultz (Oct 29)
    - Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
    - Re: ICANN Targets DDoS Attacks Jeff Shultz (Oct 29)
    - Re: ICANN Targets DDoS Attacks Stephen J. Wilcox (Oct 29)
    - Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
    - ICMP filtering, was Re: ICANN Targets DDoS Attacks Rob Thomas (Oct 29)
    - Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks Rafi Sadowsky (Oct 29)
    - Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks Rob Thomas (Oct 30)
    - Message not available
    - Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
    - Re: ICANN Targets DDoS Attacks Brett Frankenberger (Oct 29)
    - Re: ICANN Targets DDoS Attacks Peter E. Fry (Oct 29)
    - Re: ICANN Targets DDoS Attacks Valdis . Kletnieks (Oct 29)
    - Re: ICANN Targets DDoS Attacks Jared Mauch (Oct 29)
- RE: ICANN Targets DDoS Attacks H. Michael Smith, Jr. (Oct 29)
  - RE: ICANN Targets DDoS Attacks fingers (Oct 29)

(Thread continues...)