ping of death attacks?

Has anyone seen anything like this before? For the life of me I can’t seem to stop them. Packet rates for some machines will get over 6000, and it basically brings my network to a crawl. Since there are no return packets, I can’t get a good feed on what is really going on here. HELP PLEASE!! These are all ICMP packets, by the way.
(Attachment: icmp floods.png)

Is the network slow because the router is too busy or your bandwidth is all used up? If so, contact your provider and describe the problem and work with them to get the attack stopped upstream.
If the router is working fine and it’s just the inside network being overwhelmed, drop ICMP on the router.

If the attack is sourced from inside your network, block it at the edge.

I am the provider. What I am trying to do is stop these packets from clogging up the processing power of the backhaul link that feeds this particular router. I believe these are fragmented ICMP packets. I have conntracking enabled, so how can I stop these packets? Do I need to disable connection tracking?

Oh, I see. I’d probably start with finding the entry point and rate limiting ICMP there (permit incoming ICMP that isn’t established at a reasonable rate and drop the rest). Then find the owners of the offending IPs and contact them for resolution.
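
The rate-limit approach from the last reply, as an added example that is not from the thread: it assumes a Linux router running nftables (the thread does not name the platform), and the table name, the interface `eth0` and the rates are placeholders to tune. Connection tracking stays enabled; the fragment rule runs before defragmentation, and it also drops legitimate oversized pings.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumes a Linux router with nftables; the interface name,
# table name and rates are placeholders, not values from the thread.

define UPLINK = "eth0"   # hypothetical entry-point interface

table inet icmp_guard {
    # Runs before IP defragmentation (priority -400), so individual
    # fragments are still visible here.
    chain early {
        type filter hook prerouting priority -450; policy accept;

        # Any IPv4 fragment carrying ICMP: MF flag set or fragment offset non-zero.
        iifname $UPLINK ip protocol icmp ip frag-off & 0x3fff != 0 counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # ICMP that belongs to a tracked flow (replies, related errors)
        # is not rate limited.
        iifname $UPLINK ip protocol icmp ct state established,related accept

        # New ICMP: allow a modest rate, then count and drop the remainder.
        iifname $UPLINK ip protocol icmp limit rate 50/second burst 100 packets accept
        iifname $UPLINK ip protocol icmp counter drop
    }
}
```

Load it with `nft -f` and read the counters with `nft list table inet icmp_guard` to see which rule is absorbing the traffic. The forward hook only covers transit traffic; ICMP addressed to the router itself would need the same rules in an input chain.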