North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP Attacks???????

  • From: Vadim Antonov
  • Date: Sun Aug 17 22:59:51 1997

Just for the record -- the first description of such mechanism
is in Sep 95 draft for TRAP ICMP:

   "Trace Back messages
   allow to locate the source of a stream of packets even if they
   carry incorrect or forged source address.  Trace Back message
   causes a gateway to install a "trap" route to the specified desti-
   nation, to catch the incoming packet to that destination.  Once the
   packet is received, the gateway reports it to the trace initiator,
   removes the trap, and sends the Trace Back message to the neighbour
   gateway the message came from.  A trap expires (thus terminating
   the trace) if no packet addressed to the destination is received."


"Alex.Bligh" writes:
 > The other nice solution would be an inverse traceroute that went
 > back to each router in turn, passing it a bit of BPF saying "where
 > are you getting packets like this from please?". If such a protocol
 > existed...