North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Internet-draft on DDOS defense...
> >On Thu, 11 May 2000, Owen DeLong wrote: > > > >> Right answer, wrong reason. The originating host will be easy to identify > >> because the MAC address of the originating machine of the ECHO-REQUEST > >> packets will be contained in the packets. > > > >I have to strongly disagree, MAC addresses don't make it across router > >boundaries, source IP addresses do. > > Besides, MAC addresses are quite often changeable. Source IP's are even easier to modify than source MAC addresses. However, at least on a switched LAN, most switches provide some way to show the MAC forwarding table. As such, you can at least isolate which port the packets are originating from. Owen
|