Security Incidents mailing list archives

Re: Ping flood? Whats the point?


From: cdp () PEAKPEAK COM (Chuck Phillips)
Date: Sat, 5 Feb 2000 12:06:57 -0700


Andy David writes:
> The IPs of course were spoofed, but the only way I was really able to
> tell was after decoding some of the packets my firewall captured (from
> different IPs) I found that the sender's MAC address was identical
> throughout the entire attack.

A common MAC address is to be expected if there is a common router between
you and the different IPs, spoofed or not.  MAC addresses are useful for
debugging non-malicious problems on your local network and not a lot more.

Further, if someone r00ts a machine on your local network, even the MAC
address can be spoofed.  Most modern NICs allow this.  This "feature"
allows transparent fail over (no routing/arp changes), but it would be nice
if this feature required a _physical jumper change_ to enable and were
*not* enabled by default.  Oh, well.  Maybe someday the manufacturers will
catch on to this.

        Chuck
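
An added example, not part of the original message: a short Python sketch of the point made above, that the source MAC on a captured frame identifies only the last layer-2 hop. The capture records, the local subnet, the gateway MAC and the function name are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source MAC, source IP) pairs as a firewall capture
# might record them. MACs and IPs use documentation-reserved ranges.
SAMPLE_FRAMES = [
    ("00:00:5e:00:53:01", "198.51.100.7"),
    ("00:00:5e:00:53:01", "203.0.113.44"),
    ("00:00:5e:00:53:01", "192.0.2.200"),
    ("00:00:5e:00:53:01", "198.51.100.91"),
    ("00:00:5e:00:53:22", "10.0.0.15"),
    ("00:00:5e:00:53:33", "203.0.113.9"),
]

def classify_by_mac(frames, local_net, gateway_mac):
    """Group captured frames by source MAC and say what that MAC can tell us.

    Returns {mac: (verdict, distinct_source_ip_count)} where verdict is:
      "gateway"              - frames relayed by the router; one shared MAC for
                               many source IPs is expected, spoofed or not
      "local-offlink-source" - a LAN neighbour emitting source IPs outside the
                               local subnet; worth tracing on the local segment
      "local"                - a LAN neighbour using an on-link source IP
    The MAC can itself be changed by whoever controls a local host, so these
    verdicts are a starting point for local debugging, not attribution.
    """
    net = ipaddress.ip_network(local_net)
    gateway_mac = gateway_mac.lower()
    ips_by_mac = defaultdict(set)
    for mac, ip in frames:
        ips_by_mac[mac.lower()].add(ipaddress.ip_address(ip))

    result = {}
    for mac, ips in ips_by_mac.items():
        has_off_link = any(ip not in net for ip in ips)
        if mac == gateway_mac:
            verdict = "gateway"
        elif has_off_link:
            verdict = "local-offlink-source"
        else:
            verdict = "local"
        result[mac] = (verdict, len(ips))
    return result

if __name__ == "__main__":
    for mac, (verdict, n) in classify_by_mac(
            SAMPLE_FRAMES, "10.0.0.0/24", "00:00:5e:00:53:01").items():
        print(f"{mac}  {n} source IP(s)  {verdict}")
```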

