North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: David Ross
  • Date: Sun Aug 17 01:39:55 1997

"Alex.Bligh" writes:
 > [email protected] said:
 > 
 > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
 > > 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 1 packet
 > 
 > I'm pretty sure this is a new feature. Wow. Useful. That's exactly
 > what I wanted. Given you are doing this I take it it's in 11.1.11CA1.
 > 
 > > Hope I haven't overlooked something obvious here .. but I'm sure that
 > > if a did someone will "enlighten" me ;-)  Of course, the one obvious
 > > thing I didn't mention is that if everyone were to deploy ingress
 > > filtering, this would be much, much easier to control.
 > 
 > The other nice solution would be an inverse traceroute that went
 > back to each router in turn, passing it a bit of BPF saying "where
 > are you getting packets like this from please?". If such a protocol
 > existed, this would allow trace back to source (or at least trace
 > back to the point where the protocol wasn't supported) which would
 > automate most of the tracking and reduce the need to persuade
 > NOCs to cooperate. There are obviously security concerns in allowing
 > 3rd parties to remotely apply packet tracking in your network, but
 > I'm sure with a cold flannel applied to forehead these could be
 > worked through. RFC time anyone?
 > 
 > Alex Bligh
 > Xara Networks
 > 
 >