nanog mailing list archives

Re: Ping flooding (fwd)


From: Curtis Villamizar <curtis () ans net>
Date: Tue, 09 Jul 1996 20:30:05 -0400


In message <199607092210.MAA09327 () ns oceanic com>, Doug Stanfield writes:

These garbage packets are flooding through somebody's network to get to the
target.  I'd think it would benefit the intervening operators to eliminate
traffic that is harmful, probably illegal, and wasting the resource they
sell, bandwidth.
Doug Stanfield          "The significant problems we face cannot be solved
Oceanic Cable            at the same level of thinking we were at when we
Project Engineer         created them."  - Albert Einstein 
dougs () oceanic com        (808) 625-8455   fax (808) 625-5888


If the traffic passes through ANS, call the NOC or send e-mail to
trouble () ans net.  We can generally tell you where the traffic came
into ANS, even after the fact.  You then go to the next NOC down the
line.  Repeat until completed.

No, it isn't automated and brief attacks would be tough, but that's the
state of things and it has been sufficient.  You typically need to go
through one or two providers and then a site or campus and maybe
department before getting to the source machine.

I've only been rarely and mostly peripherally involved in followup but
I do remember a number of other providers being extremely cooperative
to the point of physically moving workstations to act as sniffers,
though they did need to set up monitoring to trace things further.

I seem to remember a number of cases that were traced as being
recurring cases of badly broken software rather than attacks, like
boxes that didn't like multicast and crashed and spewed garbage.  This
latest incident could be the same.

Curtis