Security Incidents mailing list archives
Re: Ping flood? Whats the point?
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Mon, 7 Feb 2000 09:16:20 +1300
On Thu, 3 Feb 2000 20:00:33 CST Andy David <genex69 () HOTMAIL COM> wrote:
I have also experienced this sort of attack. I figured it to be a modified version of stream.c. The only way I was able to make anysense of the flood was that my firewall saved some packets....well alot in this case. The ip's of course were spoofed, but the only way I was really able to tell was after decoding some of the packets my firewall captured (from different ip's) I found that the senders MAC address was identical throughout the entire attack.
The source MAC address your FW sees will be the MAC address of the adjacent network node (probably your ISP's router) not the MAC address of the machine that originally sent the packets. So the fact that they are all the same isn't significant. Cheers, Russell.
Current thread:
- Ping flood? Whats the point? Bill Pennington (Feb 01)
- Re: Ping flood? Whats the point? Ryan Sweat (Feb 02)
- <Possible follow-ups>
- Re: Ping flood? Whats the point? Don (Feb 02)
- tracing spoofing (Was Re: Ping flood? Whats the point?) Dragos Ruiu (Feb 03)
- Re: Ping flood? Whats the point? Andy David (Feb 03)
- Re: Ping flood? Whats the point? Bill Pennington (Feb 05)
- Re: Ping flood? Whats the point? Russell Fulton (Feb 06)
- Re: Ping flood? Whats the point? Chuck Phillips (Feb 05)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 07)
- Re: Ping flood? Whats the point? Filip M. Gieszczykiewicz (Feb 08)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 08)
- Re: Ping flood? Whats the point? Russell Fulton (Feb 09)
- Re: Ping flood? Whats the point? Thomas Vincent (Feb 09)
- Re: Ping flood? Whats the point? Filip M. Gieszczykiewicz (Feb 09)
- Re: Ping flood? Whats the point? Kerry Baker (Feb 07)