North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Perry E. Metzger
  • Date: Fri Aug 15 14:27:38 1997

Michael Dillon writes:
> >> Has anyone been resently attacked by massive flood pings??????  We are
> >> trying to locate any other ISP's or anyone else having the same problem.
> >flooded by the replies.  I'd just go to a few of your machines and do a
> >netstat on them, then dump the data to a file and see if you can see where
> >all the ICMP packets are coming from.  When you find out, it's time to get
> And just how do you identify the source of the ICMP packets when the source
> address is forged?

Trace it back, painfully, hop by hop by hop.

> I'm not sure what can be done to make this easier but I have a few ideas.

I have some too, but this isn't really the forum...