[ale] RE: flooding problem - a admin perspective

Russell Enderby russell.enderby at arris-i.com
Tue Dec 21 19:02:09 EST 1999


-----Original Message-----
 From:	R. DuFresne [SMTP:dufresne at sysinfo.com]
Sent:	Tuesday, December 21, 1999 1:53 PM
To:	Russell Enderby
Subject:	Re: flooding problem - a admin perspective

On Tue, 21 Dec 1999, Russell Enderby wrote:

>
> Background:  You are an admin for an ISP who still runs shell services
> (i.e. eggdrops, etc.).  One of the eggdrops peeves off someone on the IRC
> network and decides to take serious revenge on that user's eggdrop by ping
> flooding the box.
>
> The ping flood they decide is problematic, they run multiple attacks from
> multiple providers through China so backtracing is very difficult if not
> impossible with the source IP being spoofed.
>
> You are running firewall rules with ipfwadm to block ICMP messages but it
> takes down your upstream provider's pipe to you since they have their
> bandwidth at 80% capacity.
>
> What would you do?  Try to bandwidth limit flood attacks somehow without
> hindering other communications somewhere upstream?  Upstream providers WILL
> NOT put ICMP filters in place for you so bandwidth is still consumed if you
> have firewalls in place.

Seems to me you need to strengthen the relationship with those upstream
providers.  Why will they not put in filters for you only if you are
already using firewalls for defense?

Providers like ICI, UUNET, and Sprint will not put them in because it
causes 'OVERHEAD' on their routers and delays packet delivery.   Even if
they do put it in they will not keep it on permanently, which means the
person can attack again at any time and take us down.

[Russell Enderby]

>
> Just don't deal with the hassle and tell your shell customers to take a
> hike while just leaving the problem out there a real threat to anyone's
> network if they 'irritate' any joe blow on the internet?
>
> This problem is a problem that is difficult to solve and anyone's input on
> this would be greatly appreciated.
>
> Sincerely,
> Russell Enderby
>


thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
