> On Mon, 23 Feb 1998, David Denney wrote:
>
> > On Saturday night my company fell victim to a DoS attack that completely
> > sacked all three of our pipes (a T3 and two T1s). The resultant ethernet
> > traffic made even our 100bTx local network unusable because the
> > attacker was flooding multiple portmasters on unreachable IP addresses.
> > Every packet they sent bounced around our network until its TTL was
> > reached. When is this disastrous behavior going to be fixed??
>
> So put a filter on each PM saying that packets destined for addresses in
> the assigned pool cannot leave via ether0.
>
>
Or put in a blackhole route with a metric of 15 or so in the portmaster
that will forward the packets to an unoccupied IP address. That's what I
did here.
Later
Kelley
PS - I do agree that the behaviour isn't right; it should drop these
packets or ditch them accordingly or something, anything besides that 30
hop volley back and forth.
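
The thread's two mitigations compared against the unmitigated loop, as an added example that is not part of the original messages: a small model of a border router and one PortMaster sharing an Ethernet segment, counting how many times a single inbound packet crosses that segment. The pool 192.0.2.0/24, the active address, the node names and the arriving TTL of 30 are constructed assumptions, and the blackhole is modelled as a plain discard.

```python
import ipaddress

POOL = ipaddress.ip_network("192.0.2.0/24")   # constructed dial-up pool
ACTIVE = ipaddress.ip_address("192.0.2.10")   # pool address with a live session
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(table, dst):
    """Longest-prefix match over a list of (network, next_hop) entries."""
    return max((net.prefixlen, hop) for net, hop in table if dst in net)[1]

def build_tables(blackhole=False):
    # Router sends the whole pool to the PortMaster; the PortMaster only
    # knows host routes for live sessions and defaults back to the router.
    router = [(POOL, "pm"), (DEFAULT, "upstream")]
    pm = [(ipaddress.ip_network(f"{ACTIVE}/32"), "dialup"), (DEFAULT, "router")]
    if blackhole:
        # Covering route for the pool; live /32 host routes still win.
        pm.append((POOL, "discard"))
    return {"router": router, "pm": pm}

def ether_crossings(dst, ttl=30, blackhole=False, egress_filter=False):
    """Return (Ethernet crossings, fate) for one packet arriving at the router."""
    dst = ipaddress.ip_address(dst)
    tables = build_tables(blackhole)
    node, crossings = "router", 0
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop not in tables:                 # leaves the segment or is dropped
            return crossings, hop
        if node == "pm" and egress_filter and dst in POOL:
            return crossings, "filtered"      # pool traffic may not exit ether0
        ttl -= 1
        crossings += 1
        node = hop
    return crossings, "ttl-expired"

if __name__ == "__main__":
    idle = "192.0.2.77"                       # constructed: no session on this address
    print("no mitigation :", ether_crossings(idle))
    print("blackhole     :", ether_crossings(idle, blackhole=True))
    print("ether0 filter :", ether_crossings(idle, egress_filter=True))
    print("live session  :", ether_crossings(str(ACTIVE), blackhole=True, egress_filter=True))
```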