North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Broadcast pings.
I had a customers link go down because they were the target of a smurf attack a few weeks ago, and when I was sniffing the link to find out what was going on, I found tons of packets coming from root nameservers, .gov sites, and other places. If I hadn't been at a terminal, I'd have done a better job of logging them when it happened. As it stands, I just turned off ICMP into my routers for a few hours and all was well. What I would have given to have had a dedicated sniffer so I could have done a better job of logging. Regards, Joe Shaw - [email protected] NetAdmin - Insync Internet Services Fortune for the day: "Speak softly and carry a +6 two-handed sword." On Mon, 22 Dec 1997, Jamie Scheinblum wrote: > Has anyone seen an increase of broadcast pings, where the source route > appears to be from a nameserver? > > We took a look through our access-list logs, and it seems all of the > attempted attacks during the last few days have had an IP-source of a > nameserver. > > Just thought it was curious. > > Best regards, > > Jamie Scheinblum - FASTNET(tm) / You Tools Corporation > [email protected] (610)954-5200 http://www.fast.net/ > FASTNET - Business and Personal Internet Solutions >