Help: Dropping packets for not-in-use IPs
I've got a strange thing happening with one of my USR HiperArcs. Someone, somewhere, is trying to DDOS a dialup customer's IP address. This is annoying enough, but that IP isn't even in use right now. So the packets just keep bouncing back and forth around my office. Traceroutes just keep going back'n'forth between the USR and its gateway, each of which thinks the other is the right place for this packet to be. Is there a way to convince the HiperArc that it's the "final" destination for all the addresses in its IP pools, and to drop packets destined for IPs in that pool that aren't connected right now? (If this is too vague, let me know and I'll gladly provide any extra details needed.) Thanks! David Smith MVN.net
On Friday 06 August 2004 11:10 am, David E. Smith wrote:
I've got a strange thing happening with one of my USR HiperArcs. Someone, somewhere, is trying to DDOS a dialup customer's IP address.
This is annoying enough, but that IP isn't even in use right now. So the packets just keep bouncing back and forth around my office. Traceroutes just keep going back'n'forth between the USR and its gateway, each of which thinks the other is the right place for this packet to be.
Is there a way to convince the HiperArc that it's the "final" destination for all the addresses in its IP pools, and to drop packets destined for IPs in that pool that aren't connected right now?
(If this is too vague, let me know and I'll gladly provide any extra details needed.)
If you are using RIP or OSPF this shouldn't happen. I think if you are using static routes then your router's table has a listing for those IP's with your ARC's address. Your ARC see's the IP as disc so sends the packet back. So, I guess you could use rip to get around it. Of course, I could be full of it and have a misunderstanding of how the whole thing works. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 325-695-6962 ext 301 800-299-6962
I'm may be full of it as well, but this might help you. Total Control HiPer ARC - How to prevent a routing loop between the Total Control HiPer ARC and gateway router. Question Total Control HiPer ARC - How to prevent a routing loop between the Total Control HiPer ARC and gateway router. This problem is caused when the gateway router is trying to send traffic to an IP address in the HiPer ARC's ip pool but the address is no longer in use. When this happens the HiPer ARC sends the packet back to the gateway router and the routing loop begins. Answer Issue the following command from the HiPer ARC command line. HiPer>>enable ip send_host_unreach_for_pool This command is supported only on HiPer ARC code 4.1.72 and newer code. -----Original Message----- From: usr-tc-bounces+adam=semo.net@mailman.xmission.com [mailto:usr-tc-bounces+adam=semo.net@mailman.xmission.com] On Behalf Of David E. Smith Sent: Friday, August 06, 2004 11:11 AM To: usr-tc@mailman.xmission.com Subject: [USR-TC] Help: Dropping packets for not-in-use IPs I've got a strange thing happening with one of my USR HiperArcs. Someone, somewhere, is trying to DDOS a dialup customer's IP address. This is annoying enough, but that IP isn't even in use right now. So the packets just keep bouncing back and forth around my office. Traceroutes just keep going back'n'forth between the USR and its gateway, each of which thinks the other is the right place for this packet to be. Is there a way to convince the HiperArc that it's the "final" destination for all the addresses in its IP pools, and to drop packets destined for IPs in that pool that aren't connected right now? (If this is too vague, let me know and I'll gladly provide any extra details needed.) Thanks! David Smith MVN.net _______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
participants (3)
-
Adam Barnhill -
David E. Smith -
Lewis Bergman