nanog mailing list archives
Re: ICMP Attacks???????
From: Alex Rubenstein <alex () nac net>
Date: Fri, 15 Aug 1997 11:47:48 -0400 (EDT)
Yes. It was interesting. My understanding is that what I am about to tell you is old news, but here: Attacker sends a packet with a source address of the victim, with a dest address to the broadcast of a (pick any) network. Every machine on the network will then respond with a ICMP reply to the 'source' (the victim). My understanding is that a 28.8 users could easily fill a T1 (or more) with this method. We have no proof, but someone did this to us from what appears to be a ISDN account from PSI, and filled 6 - 7 mb/s of our Ethernet genuity connection in doing so. It was *not* cool. On Fri, 15 Aug 1997, Network Admin Account wrote:
Has anyone been resently attacked by massive flood pings?????? We are trying to locate any other ISP's or anyone else having the same problem.
Current thread:
- Re: [CISCO] directed-broadcast, ip classless, (continued)
- Re: [CISCO] directed-broadcast, ip classless Josh Beck (Aug 14)
- ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Joe Shaw (Aug 15)
- Re: ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Michael Dillon (Aug 15)
- Re: ICMP Attacks??????? Perry E. Metzger (Aug 15)
- Re: ICMP Attacks??????? Josh Beck (Aug 15)
- Re: ICMP Attacks??????? Perry E. Metzger (Aug 15)
- Re: ICMP Attacks??????? Josh Beck (Aug 15)
- ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: [CISCO] directed-broadcast, ip classless Josh Beck (Aug 14)
- Re: ICMP Attacks??????? Alex "Mr. Worf" Yuriev (Aug 15)
- Re: ICMP Attacks??????? Alex Rubenstein (Aug 15)
- Re: ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Vincent Poy (Aug 15)
- Re: [CISCO] directed-broadcast, ip classless Mark E Larson (Aug 15)
- Message not available
- Re: [CISCO] directed-broadcast, ip classless Ran Atkinson (Aug 14)
- Re: [CISCO] directed-broadcast, ip classless Paul Ferguson (Aug 14)