nanog mailing list archives

Re: Ping flooding (fwd)


From: Michael Dillon <michael () memra com>
Date: Mon, 8 Jul 1996 19:07:13 -0700 (PDT)

On Mon, 8 Jul 1996, George Eddy wrote:

yes, forging a ping attack is pretty easy and can be done from
anywhere with any source address (of course, who knows where the
responses will end up), the routing proximity is irrelevant, since the
source is not looked at (unless filters have been put in place, such
as what the upstream provider has apparently done).

the only _I can think of_ in tracking it down, would be to backtrack
the possible paths into the router.  either by sniffing the possible
lines coming into router, or by temporarily disabling icmp echo reqs.
from all but one incoming line, until you've found the offending line,
continuing back.

of course this may be impossible in many cases since you probably
don't have access to the equipment (or cooperation) outside of your
domain. 

OK. So what if somebody is currently planning a ping battle on the global
Internet, kind of like corewars in the network. Then what? Do the NSP's all
roll over and play dead?

If I were to crosspost this reply to alt.2600 it wouldn't take long to
happen you know. BTW, I won't be crossposting it there, but you get the
idea, security by obscurity, etc...

Is anyone working on tools to help NSP's quickly backtrack this kind of
thing?

Michael Dillon                                   ISP & Internet Consulting
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael () memra com
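
The hop-by-hop backtracking described in the quoted message, as an added example that is not part of the original post: at each router, find the incoming line that carries nearly all echo requests aimed at the victim, then repeat on the router at the far end of that line. Router names, interface names, counts and the 90% threshold are constructed assumptions; the source address is never consulted, since it is forged.

```python
# Constructed sample data: per-router, per-ingress-interface counts of ICMP
# echo requests addressed to the victim during one sampling interval
# (from sniffing each line or from per-interface filter counters).
ECHO_COUNTS = {
    "edge1":   {"serial0": 12, "serial1": 48210, "ether0": 3},
    "core2":   {"hssi0": 47950, "hssi1": 25},
    "border3": {"peer-a": 40, "peer-b": 47800},
}

# Router on the far side of each line; None means it leaves our domain.
UPSTREAM = {
    ("edge1", "serial0"): "core1",
    ("edge1", "serial1"): "core2",
    ("edge1", "ether0"): None,
    ("core2", "hssi0"): "border3",
    ("core2", "hssi1"): "core1",
    ("border3", "peer-a"): None,
    ("border3", "peer-b"): None,
}

def offending_interface(counts, min_share=0.9):
    """Return the line carrying at least min_share of the echo requests,
    or None when the traffic is absent or spread over several lines."""
    total = sum(counts.values())
    if total == 0:
        return None
    iface, hits = max(counts.items(), key=lambda kv: kv[1])
    return iface if hits / total >= min_share else None

def backtrack(router, echo_counts=ECHO_COUNTS, upstream=UPSTREAM):
    """Follow the dominant ingress line router by router. Returns a list of
    (router, interface); interface is None where the trail goes cold."""
    path, seen = [], set()
    while router is not None and router not in seen:
        seen.add(router)
        counts = echo_counts.get(router)
        if counts is None:            # no access to this router's counters
            path.append((router, None))
            break
        iface = offending_interface(counts)
        path.append((router, iface))
        if iface is None:             # no single offending line here
            break
        router = upstream.get((router, iface))
    return path

if __name__ == "__main__":
    for hop, line in backtrack("edge1"):
        print(f"{hop}: offending line = {line}")
```

The last entry of the returned path is the point where the trace leaves the domain, which is where cooperation from the neighbouring operator is needed to continue.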
