Security Incidents mailing list archives

Re: Ping flood? Whats the point?


From: Don () TECHISG ORG (Don)
Date: Wed, 2 Feb 2000 19:37:45 +0100


Well, I experienced the same problem myself once. Since the number of
IPs is too large, it can't be possible for the flooder to "own" them
all.
My conclusion was that they are spoofed IPs coming from one or several
hosts. Because all IPs are random and spoofed it will not be possible
to trace them.
It's most likely the flooder is trying to flood you down so that it's
impossible for the target host to do anything.

I have seen several programs capable of doing this, one of them is
"trinnoo flood network" or something like this. It operates by running
client software on computers which can be triggered by a server and then
the flooding begins.

As far as I know there's nothing you can do to trace the flooder...
(could it be possible to trace via ARP stuff?)

--

_________________________
|Don                    |
|Don () TechISG org        |
|TechISG Organization   |
|http://www.TechISG.org |
-------------------------

Bill Pennington wrote:

A few moments ago my firewall logs started filling up with the messages
below. Basically ICMP Echos from all over the place. I have not had a lot
of time to research but it seems like a fairly random IP address
distribution and the few that I looked up seemed to originate from .kr
and .ar.
Should I assume that all these boxes have been compromised? Should I
attempt to contact all the owners? What is the attacker trying to
accomplish? Below is a small portion of the log file.
*snip*
--

Bill Pennington
IT Manager
Rocketcash
billp () rocketcash com
http://www.rocketcash.com


