> Once upon a time, Jack Bates <[EMAIL PROTECTED]> said:
> > Are people idiots or do they just not possess equipment capable of
> > trashing 92 byte icmp traffic and letting the small amount of normal
> > traffic through unhindered?
>
> Well, when we used the policy routing example from the Cis
Temkin, David wrote:
We've noticed that one of our upstreams (Global Crossing) has introduced
ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings
through them look awful (up to 60% apparent packet loss). After
contacting their NOC, they said that the directive to install th
Selon "Christopher L. Morrow" <[EMAIL PROTECTED]>:
>
>
>
> On Thu, 28 Aug 2003, [EMAIL PROTECTED] wrote:
>
> >
> > On Thu, 28 Aug 2003, Christopher L. Morrow wrote:
> >
> > > Rate-limiting ICMP is 'ok' if you, as the provider, think its worthwhile
> > > and you, as the provider, want to deal
> As attacks evolve and transform are we really to believe that rate
> limiting icmp will have some value in the attacks of tomorrow?
no. nor those of today. the only way we're going to flatten the increase
of attack volume, or even turn it into a decrease, is with various forms of
admission co
> > Along these lines, how does this limiting affect akamai or other 'ping
> > for distance' type localization services? I'd think their data would
> > get somewhat skewed, right?
using icmp to predict tcp performance has always been a silly idea; it
doesn't take any icmp rate limit policy change
At 12:39 PM 8/28/2003, you wrote:
> Along these lines, how does this limiting affect akamai or other 'ping for
> distance' type localization services? I'd think their data would get
> somewhat skewed, right?
Perhaps they'll come up with a more advanced system of
monitoring?
probally
On Thu, Aug 28, 2003 at 03:55:26PM +, Christopher L. Morrow wrote:
> On Thu, 28 Aug 2003, Wayne E. Bouchard wrote:
>
> >
> > While rate limiting ICMP can be a good thing, it has to be done
> > carefully and probably can't be uniform across the backbone. (think of
> > a common site that gets p
* [EMAIL PROTECTED] said:
>
> On Wed, 27 Aug 2003, [EMAIL PROTECTED] wrote:
>
> > We have a similarly sized connection to MFN/AboveNet, which I won't
> > recommend at this time due to some very questionable null routing they're
> > doing (propogating routes to destinations, then bitbucketing tra
At 09:26 AM 8/28/2003, you wrote:
It takes some education to the customers, but after they understand why,
most are receptive.
Especially when they get DOS'ed.
We have been rate limiting ICMP for a long time, however, it is only
recently that the percentage limit has been reached and people have s
On Thu, Aug 28, 2003 at 08:48:50AM -0400, Jared Mauch wrote:
> they [customers] expect a bit of loss when transiting a peering
> circuit or public fabric, and if the loss is only of icmp they
> tend to not care.
Um, since when? My customers expect perfection and if they don't get
it, they're gonn
Of the DDOS attacks I have had to deal with in the past year I have seen
none which were icmp based.
As attacks evolve and transform are we really to believe that rate limiting
icmp will have some value in the attacks of tomorrow?
-Gordon
>
> On Wed, 27 Aug 2003, [EMAIL PROTECTED] wrote:
>
> > W
last weekend, but that it was only on a temporary basis.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 8:24 AM
To: [EMAIL PROTECTED]
Subject: GLBX ICMP rate limiting (was RE: Tier-1 without their own
backbone?)
On Wed, 27 Aug 2003
On Thu, Aug 28, 2003 at 01:23:40PM +0100, [EMAIL PROTECTED] wrote:
>
> On Wed, 27 Aug 2003, [EMAIL PROTECTED] wrote:
>
> > We have a similarly sized connection to MFN/AboveNet, which I won't
> > recommend at this time due to some very questionable null routing they're
> > doing (propogating rout
On Wed, 27 Aug 2003, [EMAIL PROTECTED] wrote:
> We have a similarly sized connection to MFN/AboveNet, which I won't
> recommend at this time due to some very questionable null routing they're
> doing (propogating routes to destinations, then bitbucketing traffic sent
> to them) which is causing c
14 matches
Mail list logo
