Hi all. With the recent release of TFN and other distributed attacks, I
was wondering what people are doing to prevent becoming a victim of such
an attack. I've read the whitepapers that have come thru bugtraq, but
there does not appear to be explicit instructions on how to
prevent/protect a network from such an attack.
I understand that by the time the attack is underway, it's probably too
late. But what about restricting the total amount of ICMP traffic that
is allowed through a network? IOW, what about restricting this traffic
to, say, 30k at the upstream provider router? Cisco routers have a
Committed Access Rate function, which performs just this exact task, and
seems to me to at least stop the attack upstream...
Thanks,
Dave
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
