North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Denial of Service Attack on Panix

  • From: Perry E. Metzger
  • Date: Tue Sep 17 00:40:33 1996

"Craig A. Huegen" writes:
> ==>If Cisco routers had TCPDUMP capability this would be a lot simpler.  If
> ==>all the routers in the universe had TCPDUMP, and all the router operators
> ==>had eachother's phone numbers, we could track this to the source in less
> ==>than five minutes.  Alas, the misfit teenagers of the underworld have
> ==>caught us without any of the tools we need be able to track this down.
> 
> cisco routers do have tcpdump capability.

Not really. You can dump packets, but you can't do what you really
need to do, which is snapshot all the packets in a binary format with
microsecond timestamps and then run BPF style filters over them to
isolate small sections of the traffic you are interested in. If you
can't run automated tools over the raw packets its hard to catch some
of the needed subtleties.

Of course, what you have is indeed better than nothing.

Perry
- - - - - - - - - - - - - - - - -