icmp flooding, distributed ddos?
Johannes Ullrich
jullrich at euclidian.com
Thu Sep 4 15:18:17 EDT 2003
> The ICMP blocking may well be in response to a flood of
> ICMP packets.
hm. blocking all ICMP traffic is bad. This will break a lot
of things. I know that some ISPs block 92 Byte long ICMP
to keep the worm traffic down. But in particular if they start
blocking ICMP error messages (source quench, port unreachable...),
a lot of things may break.
--
--------------------------------------------------------------
Johannes Ullrich jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
"We regret to inform you that we do not enable any of the
security functions within the routers that we install."
support at covad.net
--------------------------------------------------------------
More information about the Discuss
mailing list