Re: ICMP nukes?

[ccdes () ccdes princeton nj us (Carl Corey)]

> % I believe that a majority of the packets "nuking" connections out there are
> % not perfect fakes; they are distinguishable from the real thing.
>
> And how do you spot that which makes them distinguishable from the
> real thing?

Not sure, i've never done anything on the topic.  I believe that the
widely-distributed nuke.c program's packets (hope I don't over-simplify
this) are FROM the "nuker", but say that the HOST is unreach.  So basically
I believe that newer versions of Cisco software check to see if the ICMP
UNREACH is on the same subnet as the host which is unreachable.  Something
like that; I was in a detailed discussion about it a few months ago but
that's all I remember, and that might be a little off.

cc