Steve Lang wrote:
> I've observed a strange behaviour recently, whereby someone with a high
> speed Internet Connection and a Win95/NT machine sends Large numbers of
> Large ICMP's around the world.
> At times, this has been measured at 350Kb/sec entering our network, from the
> other side of the planet. Now, with a cisco (IOS 10.2(5)) in the appropriate
> place, of course the offender can be repelled/blocked with a specific
> exclusion, and the necessary network police notified etc.
> However, is it possible to block ICMP Continuation messages? These are only
> valid (afaik) when an icmp is larger than one packet, but I may be wrong here.
> Can we explicitly block any particular type of packet that is part of a much
> larger packet?
> E.g.. (many many many of these per second)
> 22.214.171.124 -> wh3003.wave.co.nz ICMP continuation ID=104
> 126.96.36.199 -> wh3003.wave.co.nz ICMP continuation ID=360
> 188.8.131.52 -> wh3003.wave.co.nz ICMP continuation ID=616
> These are awfully easy to generate.... and very effective at network
> saturation, even if your hosts and routers are secured against the oversize
> ping packets.
> Any ideas?
> Cheers -
> Steve Lang, Wave internet services, Hamilton
> Fax: +64-7-838-0977 Voice: +64-7-839-1291 or 0800-80-9283
> EMail: slang @
nz or slang @
Are you using multi-user boards in your main server such as boca, digi
Donald R. Guillot