nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: "Alex.Bligh" <amb () xara net>
Date: Thu, 31 Jul 1997 09:32:22 +0100
At 7:56 PM +0100 7/30/97, Alex.Bligh wrote:Urm, 192.41.177.255 is the MAE-East LAN ?! Are you saying attacks are being mounted from here or people are attacking this LAN (not sure which is more worrying)The LAN is being used indirectly to attack another network. Pings are spoofed as originating from the machine that is being attacked and sent to the broadcast address on another network. This causes every machine on the receiving network to send an ECHO_RESPONSE to the machine being attacked, esentially creating a huge multiplying effect on a ping flood attack. Apparently, the MAE-East LAN is one of the networks that attackers are using to flood other hosts.
Right. Well that's how I read it too. And just to make sure this thread is indeed operations related, I'll make the following points: 1. Send a Cisco enough (a thousand a second) ICMP ECHO REQUESTS, and it takes CPU to 99% and drops all BGP sessions. Tested on a C7010. 2. Various routers on MAE-East have been mysteriously clearing all their BGP peers over the past week or two. 3. The attack mentioned causes a lot of ICMP ECHO REQUESTS to be sent to Cisco routers on MAE-East. Are these facts by any chance related? I think we should be told. Or, urm, find out. On with that logging ACL. Alex Bligh Xara Networks
Current thread:
- Re: [nsp] known networks for broadcast ping attacks, (continued)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Paul Ferguson (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Michael Shields (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Joe Rhett (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)