North American Network Operators Group


Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)

  • From: Phil Howard
  • Date: Mon Dec 29 09:31:49 1997

Alex P. Rudnev writes...

> What are you talking about? If they have NETFLOW switching and NETFLOW
> accounting, it's easy to search for the router originated for the
> SMURF/initialised packets (these packets can be searched by such a list,
> or by a similar search pattern):
> 
>  xxx permit ip any 0.0.0.255 255.255.255.0 log
> 
> And then it takes 5 minutes to look for the originating interface.

Yeah.  And that leads to another router, then another, then another.
How about automating the process?  That's what it looks like DoStracker
does.

As was pointed out to me, if I have just one or two routers or one or
two links into the Internet, then I can easily find where the attack is
coming from.  But if I have a large complex network ...

-- 
Phil Howard
  phil
    at
  milepost
    dot
  com
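
The hop-by-hop search discussed in this message, automated as an added example (not code from the post and not DoSTracker itself): it applies the quoted wildcard pattern to per-router flow records and follows the busiest ingress interface upstream. Router names, interface names, the topology and the flow records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in `wildcard` are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def is_broadcast_dst(dst):
    # The pattern quoted above: "any 0.0.0.255 255.255.255.0", i.e. any
    # destination whose last octet is 255. Only /24-aligned broadcasts match.
    return wildcard_match(dst, "0.0.0.255", "255.255.255.0")

# Constructed topology: (router, input interface) -> upstream router.
# None means the interface leaves our network (a peer or customer link).
LINKS = {
    ("edge1", "Serial0"): "core1",
    ("core1", "Hssi1"): "border2",
    ("border2", "Serial3"): None,
}

# Constructed flow records per router: (input interface, destination, packets).
FLOWS = {
    "edge1": [("Serial0", "192.0.2.255", 9000), ("Ethernet0", "192.0.2.10", 120),
              ("Serial1", "198.51.100.255", 40)],
    "core1": [("Hssi1", "192.0.2.255", 9000), ("Hssi0", "192.0.2.77", 5000)],
    "border2": [("Serial3", "192.0.2.255", 9000), ("Serial3", "203.0.113.255", 8000),
                ("Serial2", "198.51.100.20", 300)],
}

def busiest_ingress(router):
    """Interface carrying the most packets to broadcast-looking destinations."""
    counts = Counter()
    for ifname, dst, pkts in FLOWS.get(router, []):
        if is_broadcast_dst(dst):
            counts[ifname] += pkts
    return counts.most_common(1)[0][0] if counts else None

def trace(start):
    """Walk upstream by input interface; source addresses are spoofed, so ignore them."""
    path, router, seen = [], start, set()
    while router and router not in seen:  # `seen` guards against topology loops
        seen.add(router)
        ifname = busiest_ingress(router)
        if ifname is None:
            break
        path.append((router, ifname))
        router = LINKS.get((router, ifname))
    return path

if __name__ == "__main__":
    for router, ifname in trace("edge1"):
        print(f"{router}: traffic enters on {ifname}")
```

The last entry in the path is the interface where the traffic enters the network, which is the point to filter at or hand off to the neighbouring operator.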