> > Finally I would highly reccomend adding a stateful > packet filter between your ISP and your network, take > a look at netfilter.org, so you don't "have to weather > the storm" or whatever else your ISP has in store for > you. This will allow you to have a much tighter > control over the traffic entering your network as well > as traffic orininating from your network. As far as I understand, the problem is that their network becomes inaccessible during flood period. In this case any filtering on the client side (on their end of ISP connection) will not help much - flood traffic has to be filtered on fat provider's pipes, not after it filled up a thin client link. Regards, Vitaly. > > Hope this helps, > Guhan > > --- Richard Ginski <rginskiat_private> wrote: > > This past weekend, we experienced the periodic > > flooding of our network. > > The flooding caused our network to be inaccessible. > > The traffic has > > mainly been ICMP: large quantities of large spoofed > > packets...similar to > > "ping-of-death. Appropriate patching has been > > applied so the actual > > attach does not shut anything down. However, it does > > succeed in flooding > > of our network rendering it inaccessible. > > > > We are trying to figure out a way, if any, to > > mitigate this attack from > > flooding our network in the future. We tried to > > coordinate with our ISP > > upstream but they say they can't do anything....and > > we feel sending > > resets on our end would be useless and ineffective. > > We are trying to > > figure out a way to eliminate the "choke point" or > > "bottle neck" when > > the attacks occur. I feel we should be able to do > > something better than > > just "weathering the storm". > > > > > > Any suggestions? > > > > TIA > > > > > -------------------------------------------------------------------------- -- > > This list is provided by the SecurityFocus ARIS > > analyzer service. > > For more information on this free incident handling, > > management > > and tracking system please see: > > http://aris.securityfocus.com > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 09:16:34 PDT