nanog mailing list archives

Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)


From: Bradley Reynolds <brad () b63695 student cwru edu>
Date: Sun, 28 Dec 1997 19:40:18 -0500 (EST)

Huh?
ICMP floods vs TCP floods. Aren't they both IP or have I missed something
glaringly obvious?
 
Yes, both are independent of the network layer protocol which
operates beneath them (which in this case is IP).

The difference is that you can filter icmp separately from tcp
to give you some sort of granularity with your acl policy.  This
is important in that if you deny icmp traffic to a specific segment
of your network (or in from your serial interface for the
whole thing) you are still vulnerable to the publicized attacks
which exploit vulnerabilities inherent in TCP.  

The whole point for this discussion was that you should be
a responsible network administrator and understand the trouble
you could cause the people you are connected to.  Once you understand
that, you can make use of the facilities that your vendor provides
to limit the damage so to speak.  

BR

brad reynolds
ber () cwru edu


