North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Ping flooding (fwd)
On Mon, 8 Jul 1996, George Eddy wrote: > yes, forging a ping attack is pretty easy and can be done from > anywhere with any source address (of course, who knows where the > responses will end up), the routing proximity is irrelavant, since the > source is not looked at (unless filters have been put in place, such > as what the upstream provider has apparently done). > > the only _I can think of_ in tracking it down, would be to backtrack > the possible paths into the router. either by sniffing the possible > lines coming into router, or by temporarily disabling icmp echo reqs. > from all but one incoming line, until you've found the offending line, > continuing back. > > of course this may be impossible in many cases since you probably > don't have access to the equipment (or cooperation) outside of your > domain. OK. So what if somebody is currently planning a ping battle on the global Internet, kind of like corewars in the netwrk. Then what? Do the NSP's all roll over and play dead? If I were to crosspost this reply to alt.2600 it wouldn't take long to happen you know. BTW, I won't be crossposting it there, but you get the idea, security by obscurity, etc... Is anyone working on tools to help NSP's quickly backtrack this kind of thing? Michael Dillon ISP & Internet Consulting Memra Software Inc. Fax: +1-604-546-3049 http://www.memra.com E-mail: [email protected] - - - - - - - - - - - - - - - - -
|