nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICMP Attacks???????

From: Josh Beck <jbeck () connectnet com>
Date: Fri, 15 Aug 1997 12:09:32 -0700 (PDT)
ICMP is only one of a dozen ways to attack people. There is no point
in specially targetting ICMP.


Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
random source addresses ICMP packets for instance, a 20 second sample of a
busy interface can provide enough information to trace this (with hardware
addresses). And this is something that can be done right away. 


In my opinion, the only long term solution here is software that is
"smart" about tracebacks -- that is, can be directed in real time to
log certain classes of traffic.


        It would be nice, but for now logging the hardware addresses along
with the ip addresses would be cool.

Josh Beck                                         jbeck () connectnet com
----------------------------------------------------------------------
CONNECTNet INS, Inc.      Phone: (619)450-0254      Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208                       San Diego, CA 92121
----------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: