North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Josh Beck
  • Date: Fri Aug 15 15:47:15 1997

> ICMP is only one of a dozen ways to attack people. There is no point
> in specially targetting ICMP.

Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
random source addresses ICMP packets for instance, a 20 second sample of a
busy interface can provide enough information to trace this (with hardware
addresses). And this is something that can be done right away. 

> In my opinion, the only long term solution here is software that is
> "smart" about tracebacks -- that is, can be directed in real time to
> log certain classes of traffic.

	It would be nice, but for now logging the hardware addresses along
with the ip addresses would be cool.

Josh Beck                                         [email protected]
CONNECTNet INS, Inc.      Phone: (619)450-0254      Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208                       San Diego, CA 92121