This past weekend, we experienced the periodic flooding of our network. The flooding caused our network to be inaccessible. The traffic has mainly been ICMP: large quantities of large spoofed packets...similar to "ping-of-death. Appropriate patching has been applied so the actual attach does not shut anything down. However, it does succeed in flooding of our network rendering it inaccessible. We are trying to figure out a way, if any, to mitigate this attack from flooding our network in the future. We tried to coordinate with our ISP upstream but they say they can't do anything....and we feel sending resets on our end would be useless and ineffective. We are trying to figure out a way to eliminate the "choke point" or "bottle neck" when the attacks occur. I feel we should be able to do something better than just "weathering the storm". Any suggestions? TIA ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 14:22:52 PDT