From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: ICMP types
Date: Sat, 30 Apr 2005 18:36:08 -0500	[thread overview]
Message-ID: <42741668.7060001@riverviewtech.net> (raw)
In-Reply-To: <Pine.LNX.4.60.0504301921220.3546@darkstar.sysinfo.com>

> just deny pings to the broadcast address and this can be eliminated, and 
> this can be done in sysctl, does not require iptables rules and overhead.

This will take care of traffic that was destined to a broadcast address, but not traffic that was destined to your IP directly.  I have known many a person to say that it is better to DROP the ICMP traffic coming in on your WAN / INet interface so that you don't become part of a DDoS.  Usually the idea behind this is for multiple owned boxen to ping some other box at random with a spoofed source address in the ICMP packet.  This effectively will cause the recipient of the ICMP packets to reply to the system that is to be DDoSed.  This is an issue on the internet at large still these days.  It would not take too many owned boxen connected to cable modems or DSL modems (or higher speed connections) spewing out spoofed ICMP packets to ultimately cause a DDoS against an unwilling target.  If the average CM's upload is 512 kbps and you have 1000 owned boxen spewing out spoofed ICMP echos as fast as they can, you would end up with approximately 500 Mbps worth of inbound ICMP echo replies (if the packet that was sent was an ICMP echo request) destined to the one target (assuming that the owned boxen sent with the same spoofed IP).  A LOT of people want to prevent themselves from becoming a reflector in such a DDoS.

Grant. . . .
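The two mitigations discussed in this exchange (the sysctl that ignores broadcast echo-requests, and dropping unicast echo-requests on the WAN interface so the host cannot reflect spoofed pings), written out as an added example; this is not code from the original thread or from Grant's message. It assumes a Linux host with the stock sysctl and iptables binaries, takes the WAN interface name as its first argument (default eth0), and honours a DRY_RUN variable so the commands can be reviewed without root; the rate-limit numbers in the alternative function are illustrative assumptions, not recommendations from the list.

```shell
#!/bin/sh
# Added example (not from the original thread): keep a Linux host from acting
# as an ICMP echo reflector. Assumptions: stock sysctl/iptables, WAN interface
# name in $1 (default eth0), DRY_RUN=1 prints commands instead of running them.

# Execute a command, or print it when DRY_RUN=1 (for review without root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Broadcast/multicast echo-requests (the classic smurf amplifier) are
#    ignored by the kernel. This does nothing for echo-requests addressed to
#    the host's own unicast IP, which is the case the reply above is about.
disable_broadcast_echo() {
    run sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
}

# 2. Unicast echo-requests arriving on the WAN interface are DROPped, so a
#    spoofed request from a bot never turns into an echo-reply aimed at the
#    spoofed (victim) source. DROP, not REJECT: a REJECT would itself emit an
#    ICMP error toward the spoofed source, i.e. still reflect.
drop_wan_echo_requests() {
    wan="$1"
    run iptables -I INPUT -i "$wan" -p icmp --icmp-type echo-request -j DROP
}

# Alternative for hosts that must stay pingable from the outside: accept a
# trickle and drop the rest. The limit values are illustrative assumptions;
# this caps how much one reflector can contribute but does not eliminate it.
limit_wan_echo_requests() {
    wan="$1"
    run iptables -I INPUT -i "$wan" -p icmp --icmp-type echo-request \
        -m limit --limit 5/second --limit-burst 10 -j ACCEPT
    run iptables -A INPUT -i "$wan" -p icmp --icmp-type echo-request -j DROP
}

# Apply both hardening steps for one WAN interface.
harden_icmp_reflector() {
    wan="${1:-eth0}"
    disable_broadcast_echo
    drop_wan_echo_requests "$wan"
}

# Rough sizing of the reflected flood from the message: N bots each sending
# up_kbps of spoofed echo-requests yields about N*up_kbps kbit/s of
# echo-replies at the victim, because an echo-reply is the same size as the
# request it answers (no amplification, just reflection). Returns Mbit/s.
reflected_mbps() {
    bots="$1"; up_kbps="$2"
    echo $(( bots * up_kbps / 1000 ))
}
```

Review the generated rules first with `DRY_RUN=1 sh thisfile.sh` after sourcing and calling `harden_icmp_reflector eth0`; run it for real as root once the interface name is right. Note that the rule only covers INPUT: a router that forwards spoofed echo-requests to hosts behind it needs the same treatment in FORWARD, or egress filtering of spoofed sources, which this example does not add.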



Thread overview: 11+ messages
2005-04-30  9:53 ICMP types varun_saa
2005-04-30 10:28 ` Sertys
2005-04-29 19:49   ` Ken Hilliard
2005-04-30 12:23     ` Mogens Valentin
2005-04-30 22:35       ` Alexander Samad
2005-04-30 23:40         ` Mogens Valentin
2005-04-30 22:55 ` Taylor, Grant
2005-04-30 23:22   ` R. DuFresne
2005-04-30 23:36     ` Taylor, Grant [this message]
2005-04-30 23:53       ` R. DuFresne
2005-05-01  3:29 ` Dean Anderson
