nanog mailing list archives
Re: Ping flooding (fwd)
From: Per Gregers Bilse <bilse () EU net>
Date: Tue, 9 Jul 1996 21:07:42 +0200
On Jul 9, 14:21, Curtis Villamizar <curtis () ans net> wrote:
The NSS routers allow us to do statistical sampling continuously and the occurance of a source address at an entry point where it does not usually enter can be detected and has in the past been used to followup these sort of attacks after the fact. Other routers are not capable of doing this but if the offense is repeated, successive monitoring can be set up until the source is isolated. We have requested the same sort of statistical sampling from Cisco and Bay (and BNR/NSC). It is a long ways back on the development schedule
Maybe I'm missing something, but flow switching stats from Ciscos should do exactly this: SrcIf SrcIPaddress DstIf DstIPaddress Pr DstP SrcP Pkts B/Pk Active Se1/0 194.130.16.17 Se1/6 130.144.65.1 11 0035 0035 2 69 0.0 Et0/2 193.122.198.1 Se1/1 128.218.14.87 06 0050 0FA3 2 40 0.0 Se1/5 130.144.65.1 Se1/0 194.130.16.17 11 0035 0035 2 69 0.0 Se1/1 153.36.40.52 Et0/1 193.74.242.1 06 0413 0050 4 44 9.6 Se1/5 194.178.24.22 Se1/7 146.228.10.11 06 0407 0050 124 40 207.6 Se1/7 146.228.10.11 Se1/6 194.178.24.22 06 0050 0405 648 550 673.4 Se1/5 194.165.95.69 Se1/0 205.216.146.69 06 0430 0050 5 164 6.2 etc, etc. Dump, then grep. -- ------ ___ --- Per G. Bilse, Mgr Network Operations Ctr ----- / / / __ ___ _/_ ---- EUnet Communications Services B.V. ---- /--- / / / / /__/ / ----- Singel 540, 1017 AZ Amsterdam, NL --- /___ /__/ / / /__ / ------ tel: +31 20 6233803, fax: +31 20 6224657 --- ------- 24hr emergency number: +31 20 421 0865 --- Connecting Europe since 1982 --- http://www.EU.net e-mail: bilse () EU net - - - - - - - - - - - - - - - - -
Current thread:
- Re: Ping flooding (fwd), (continued)
- Re: Ping flooding (fwd) Paul A Vixie (Jul 08)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) Nevin Williams (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 09)
- Re: Ping flooding (fwd) Larry J. Plato (Jul 09)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 09)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 09)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 09)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 09)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 09)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 09)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 10)
- Re: Ping flooding (fwd) John Hawkinson (Jul 10)
- Re: Ping flooding (fwd) Per Gregers Bilse (Jul 10)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 09)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)