[ale] flooding problem - a admin perspective

Russell Enderby russell.enderby at arris-i.com
Tue Dec 21 09:24:55 EST 1999


Background:  You are an admin for an ISP who still runs shell services (ie- 
eggdrops, etc).  One of the eggrdrops peves off somone on the IRC network 
and decides to take serious revenge on that user's eggdrop by ping flooding 
the box.

The ping flood they decide is problematic, they run mutiple attacks from 
multiple providers through china so backtracing is very difficult if not 
impossible with the source ip being spoofed.

You are running firewalls rules with ipfwadm to block icmp messages but it 
takes down your upstream providers pipe to you since they have there 
bandwidth at 80% capacity.

What would you do?  Try to bandwidth limit flood attacks somehow without 
hindering other communications somewhere upstream?  Upstream providers WILL 
NOT put ICMP filters inplace for you so bandwidth is still consumed if you 
have firewalls in place.

Just dont deal with the hassle and tell your shell customers to take a hike 
while just leaving the problem out there a real threat to anyones network 
if they 'irritate' any joe blow on the internet?

This problem is a problem that is difficult to solve and anyones input on 
this would be greatly appreciated.

Sincerely,
Russell Enderby

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.






More information about the Ale mailing list