North American Network Operators Group

Re: Ping flooding (fwd)

  • From: Larry J. Plato
  • Date: Tue Jul 09 04:32:34 1996

Michael,

IMHO, there are two separate issues here.

 - better tools would be nice.  Although I think tracking packets
   would be too CPU intensive for today's routers I do think having
   such a feature would be a good thing.  The RAM/ROM to hold the extra
   microcode is cheap, and if it can be turned off/on at will I see no
   harm in having it.  When someone will have time to add the code is
   a separate issue.

 - why can't my [NSP | TelCo | GME (Godlike Monolithic Entity)] provide
   me with data on who is spamming my net.  I think that is a separate
   issue.  The TELCOs have an advantage here in that it is MUCH harder
   to fake caller ID than to fake ICMP headers.  I would be willing to bet
   that if someone who really knew their way around the SS7 network decided to
   make your life difficult Ma Bell would have a hell of a hard time
   tracking them down.  Most of the TELCO switchmen I have dealt with 
   could not trace a phone call with any reliability.  At this point
   it requires a fair amount of time, from a fair amount of talented
   people to track this stuff down.  In all the cases I dealt with,
   people from many service providers were very cooperative if the
   denial of service attack was in progress.  After the fact people
   seemed to expend effort to the extent they felt they could help.
   Which for most people is 0 (after the fact it is pretty hard to
   say who denied what to whom with any certainty)

This is the way it is, but not the way it must always be.

Feel free to talk to the router vendor of choice and explain to
them that this functionality is important to you.  In the
meantime, I hope you will excuse me while I go off and cope with my
own problems.  I honestly wish you the best of luck in your endeavors,

G'night

Larry Plato


> 
> On Tue, 9 Jul 1996, Nevin Williams wrote:
> 
> > > Why not? Don't telcos do this?
> > > Or if your answer is that telcos only do it for the police and not for
> > > each other, then my question would be why can't we form an Internet
> > > equivalent, maybe affiliated with something like CERT, that can make these
> > > requests and with whom NSP's would cooperate.
> > 
> > What sort of incentive or penalty do you think would enable this
> > cooperation?
> 
> Screwed up networks give the whole industry a bad name. It is in everyone's
> economic best interests to make the network operate fast and reliably.
> 
> Michael Dillon                                   ISP & Internet Consulting
> Memra Software Inc.                                 Fax: +1-604-546-3049
> http://www.memra.com                             E-mail: [email protected]
> 
