nanog mailing list archives
Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
From: Phil Howard <phil () charon milepost com>
Date: Mon, 29 Dec 1997 08:12:13 -0600 (CST)
Alex P. Rudnev writes...
What are you talking about? If they have NETFLOW switching and NETFLOW accounting, it's easy to search for the router originated for the SMURF/initialised packets (this packets can be searched by the such list, or by the simular search pattern): xxx permit ip any 0.0.0.255 255.255.255.0 log And then it takes 5 minutes to look for the originating interface.
Yeah. And that leads to another router, then another, then another. How about automating the process. That's what it looks like DoStracker does. As was pointed out to me, if I have just one or two routers or one or two links into the Internet, then I can easily find where the attack is coming from. But if I have a large complex network ... -- Phil Howard | crash547 () no41ads6 com no63ads9 () spammer7 edu stop1ads () no9place edu phil | end3ads6 () no79ads0 com no6spam8 () dumbads1 org stop6it2 () dumbads7 edu at | no43ads7 () noplace1 net no44ads3 () no40ads8 net suck8it0 () s0p5a7m7 com milepost | stop7ads () dumbads7 edu w0x2y8z4 () dumb5ads edu no7way22 () anywhere net dot | no6spam4 () no6where com eat2this () lame2ads edu ads8suck () dumb2ads net com | no2spam2 () s2p0a9m8 com suck0it2 () no14ads4 net blow9me7 () noplace5 com
Current thread:
- Re: smurf, the MCI-developed tracing tools, (continued)
- Re: smurf, the MCI-developed tracing tools Karl Denninger (Dec 29)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Karl Denninger (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Adrian Chadd (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Bradley Reynolds (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Adrian Chadd (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Karl Denninger (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Paul Ferguson (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Ken Leland (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Dalvenjah FoxFire (Dec 28)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Alex P. Rudnev (Dec 31)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Phil Howard (Dec 29)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Alex P. Rudnev (Dec 31)
- Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement) Dale Drew (Dec 27)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Reid B. Fishler (Dec 27)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Phil Howard (Dec 27)
- Message not available
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Jay R. Ashworth (Dec 28)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Jeff Stehman (Dec 30)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Andrew Smith (Dec 30)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Jeff Stehman (Dec 30)
- Re: Bogus announcement of 205.164.62.0/24 by AGIS - CLEARED Darin Wayrynen (Dec 27)