nanog mailing list archives
Re: New Internet-draft on DDOS defense...
From: owen () dixon delong sj ca us (Owen DeLong)
Date: Fri, 12 May 2000 08:08:38 -0700
> On Thu, 11 May 2000, Owen DeLong wrote:
> > Right answer, wrong reason. The originating host will be easy to identify because the MAC address of the originating machine of the ECHO-REQUEST packets will be contained in the packets.
>
> I have to strongly disagree, MAC addresses don't make it across router boundaries, source IP addresses do.
>
> Besides, MAC addresses are quite often changeable.
Source IPs are even easier to modify than source MAC addresses. However, at least on a switched LAN, most switches provide some way to show the MAC forwarding table. As such, you can at least isolate which port the packets are originating from.

Owen