[nsp] Nachi WORM & ICMP floods of ICMP packets ..

Gert Doering gert at greenie.muc.de
Fri Sep 5 17:40:21 EDT 2003


Hi,

On Thu, Sep 04, 2003 at 07:55:06AM -0700, Voll, Scott wrote:
> It got so bad on our network that 85% of traffic was ICMP.  We have set
> up ACLs to deny ICMP until our customers can clean up their networks.

What we do is that we rate-limit incoming ICMP echo at our border 
routers.  This sucks, as we now get complaints "your network is losing
packets and my customers complain about poor connectivity", but it sucks 
considerably less than filtering all ICMP echo (meaning "no network 
diagnosis at all").

I'm not overly happy with that, though - it was meant to be put in place
for a couple of days, until the worst is over.  Now it's been in place 2 weeks,
and I don't see a significant reduction in the number of dropped packets.

Bah.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list