[nsp] Nachi WORM & ICMP floods of ICMP packets ..
Gert Doering
gert at greenie.muc.de
Fri Sep 5 17:40:21 EDT 2003
Hi,
On Thu, Sep 04, 2003 at 07:55:06AM -0700, Voll, Scott wrote:
> It got so bad on our network that 85% of traffic was ICMP. We have set
> up ACLs to deny ICMP until our customers can clean up their networks.

What we do is that we rate-limit incoming ICMP echo at our border
routers. This sucks, as we now get complaints "your network is losing
packets and my customers complain about poor connectivity", but it sucks
considerably less than filtering all ICMP echo (meaning "no network
diagnosis at all").

I'm not overly happy with that, though - it was meant to be put in place
for a couple of days, until the worst is over. Now it's in place 2 weeks,
and I don't see a significant reduction in the number of dropped packets.

Bah.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de