Access Lists

Hello All,

I have a customer who is being ping-flooded. His bandwidth is being
sucked up due to these floods, and wishes me to block them on my router.
I am somewhat reluctant to do this, since it goes against our policy;
however, the customer has been very patient with us on this issue and
his patience is running out.

I would be implementing on a Cisco 7507, with 3 T-3s to the Internet,
and the customer hangs off the router on a T-1. What is the general
consensus on providing such a service, particularly in terms of
processing overhead and manageability. Is there another way to prevent
this type of attack, aside from watching packets go by and trying to
trace it back through the source. The source IPs are spoofed.

Christian Martin

You could just withdraw your BGP announcement for the net being attacked
and suddenly the attack packets will die at the first router without a
default route on their way to the victim.