nanog mailing list archives

Re: New Internet-draft on DDOS defense...


From: owen () dixon delong sj ca us (Owen DeLong)
Date: Fri, 12 May 2000 08:08:38 -0700



On Thu, 11 May 2000, Owen DeLong wrote:

Right answer, wrong reason.  The originating host will be easy to identify
because the MAC address of the originating machine of the ECHO-REQUEST
packets will be contained in the packets.

I have to strongly disagree, MAC addresses don't make it across router
boundaries, source IP addresses do.

Besides, MAC addresses are quite often changeable.

Source IPs are even easier to modify than source MAC addresses.  However,
at least on a switched LAN, most switches provide some way to show the
MAC forwarding table.  As such, you can at least isolate which port
the packets are originating from.

Owen
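
The port isolation described in this message, as an added example that is not part of the original post: it looks up a source MAC in a switch's forwarding table and follows inter-switch links until the address is learned on a host-facing port, which generalizes the single-switch case to several switches on one LAN. The switch names, ports, MAC addresses, table layout and the `trace` helper are all constructed for illustration, and, as the thread notes, the lookup only works inside the layer-2 segment because MAC addresses do not cross routers.

```python
import re

# Constructed forwarding-table dumps, one per switch: "<vlan> <mac> <port>".
TABLES = {
    "sw-core": """
        10 02:00:00:00:0a:01 gi0/1
        10 02:00:00:00:0a:02 gi0/2
    """,
    "sw-floor2": """
        10 02:00:00:00:0a:01 fa0/7
        10 02:00:00:00:0a:02 gi0/24
    """,
}
# Constructed inter-switch links: (switch, port) -> neighbouring switch.
UPLINKS = {("sw-core", "gi0/1"): "sw-floor2",
           ("sw-core", "gi0/2"): "sw-floor3",
           ("sw-floor2", "gi0/24"): "sw-core"}

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Map normalized MAC -> port for one switch's table dump."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            table[normalize(fields[1])] = fields[2]
    return table

def trace(mac, start, tables=TABLES, uplinks=UPLINKS):
    """Follow the MAC from `start` until it is learned on a non-uplink port.
    Returns (path, status); path is the list of (switch, port) hops."""
    mac, path, seen, switch = normalize(mac), [], set(), start
    while True:
        if switch in seen:
            return path, "loop"          # tables point back at each other
        seen.add(switch)
        if switch not in tables:
            return path, "no-table"      # no dump collected for this switch
        port = parse_table(tables[switch]).get(mac)
        if port is None:
            return path, "not-learned"   # entry aged out or never seen here
        path.append((switch, port))
        if (switch, port) not in uplinks:
            return path, "edge"          # host-facing port: isolate here
        switch = uplinks[(switch, port)]
```

A status other than `edge` means the trail stopped short of a host port, for example because the entry aged out before the table was read.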


