|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ICMP Attacks???????
> ICMP is only one of a dozen ways to attack people. There is no point > in specially targetting ICMP. Of course... so you have the capability to turn on logging for certain protocols or interfaces or whatever for a short time. If someone is seeing random source addresses ICMP packets for instance, a 20 second sample of a busy interface can provide enough information to trace this (with hardware addresses). And this is something that can be done right away. > In my opinion, the only long term solution here is software that is > "smart" about tracebacks -- that is, can be directed in real time to > log certain classes of traffic. It would be nice, but for now logging the hardware addresses along with the ip addresses would be cool. Josh Beck [email protected] ---------------------------------------------------------------------- CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216 6370 Lusk Blvd., Suite F-208 San Diego, CA 92121 ----------------------------------------------------------------------
|