Date: Tue, 1 Dec 1998 08:41:10 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Karl Denninger <karl@Denninger.Net> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, John Saunders <john.saunders@scitec.com.au>, freebsd-current@FreeBSD.ORG Subject: Re: RE: D.O.S. attack protection enhancements commit (ICMP_BANDLIM) Message-ID: <199812011641.IAA07525@apollo.backplane.com> References: <005b01be1cf6$e6368da0$6cb611cb@saruman.scitec.com.au> <199812010708.XAA03688@apollo.backplane.com> <199812011619.LAA04055@khavrinen.lcs.mit.edu> <19981201103044.A55812@Denninger.Net>
next in thread | previous in thread | raw e-mail | index | archive | help
:>
:> -GAWollman
:
:20kpps of ICMP traffic?! Surely you jest!
I wish I were. The hackers have realized over the last year that sending
80 MBps packet attacks using large packets doesn't work anywhere near
as well as sending 80 MBps packet attacks using tiny packets that cause
ICMP replies. We upgraded our Cisco border routers to all VIP-2 cards
6 months ago *just* so they wouldn't fall over in an attack and were also
one of the first to use Cisco's ICMP reply limiting hack, and now we are
upgrading them to whatever the next generation card is ( I forget what
these new cards are called ). That takes care of attacks against
routers. My ICMP patch takes care of attacks against servers.
It's only going to get worse when we upgrade our transit links form T3
to OC3.
-Matt
:Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl
Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812011641.IAA07525>