North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Ping flooding (fwd)
Hi, >yes, forging a ping attack is pretty easy and can be done from >anywhere with any source address Yeah, but forging TCP syn attacks are more fun (fill up those TCBs). Denial of service attacks are a real pain, particularly as they are so easy to implement and so hard to defend against. Of course, this isn't limited to the Internet (as a person who has been victimized by a rapid redailing fax machine at 4:00 AM can attest). >the routing proximity is irrelavant, since the >source is not looked at (unless filters have been put in place, such >as what the upstream provider has apparently done). About the only way you can stop this attack would be for ISPs to filter out bogus source addresses from their customers. Of course, then the mobile IP people would whine. However, given a future of more attacks of this nature, I think the mobile IP people are going to lose. Cheers, -drc - - - - - - - - - - - - - - - - -
|