North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ICMP Attacks???????
"Alex.Bligh" writes: > [email protected] said: > > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp > > 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 1 packet > > I'm pretty sure this is a new feature. Wow. Useful. That's exactly > what I wanted. Given you are doing this I take it it's in 11.1.11CA1. > > > Hope I haven't overlooked something obvious here .. but I'm sure that > > if a did someone will "enlighten" me ;-) Of course, the one obvious > > thing I didn't mention is that if everyone were to deploy ingress > > filtering, this would be much, much easier to control. > > The other nice solution would be an inverse traceroute that went > back to each router in turn, passing it a bit of BPF saying "where > are you getting packets like this from please?". If such a protocol > existed, this would allow trace back to source (or at least trace > back to the point where the protocol wasn't supported) which would > automate most of the tracking and reduce the need to persuade > NOCs to cooperate. There are obviously security concerns in allowing > 3rd parties to remotely apply packet tracking in your network, but > I'm sure with a cold flannel applied to forehead these could be > worked through. RFC time anyone? > > Alex Bligh > Xara Networks > >
|