nanog mailing list archives

Re: Ping flooding


From: "Perry E. Metzger" <perry () piermont com>
Date: Wed, 10 Jul 1996 08:55:00 -0400


I'm sorry, but this isn't true. The fact that routers aren't optimized
for monitoring isn't an issue.

Tracking down a ping forger, if they are flooding, is pretty easy. You
just use network monitoring equipment on each leg of the network to
trace the stuff back, leg by leg. Remote monitoring equipment isn't at
every ISP on every network connection yet, but eventually will have to
be for a variety of reasons, and there is always stuff like
RMON. Currently, tracing back all 10 or 20 hops is going to be a pain
because it's a manual process, but that needn't remain the case.

Rob Gutierrez writes:
From: Michael Dillon <michael () memra com>
On Tue, 9 Jul 1996, Daniel W. McRobb wrote:

There will likely never be a means for a single NSP to track down the
real source of spoofed packets using IPv4.  Service providers won't be
letting other service providers track spoofed packets through their
network.

Why not? Don't telcos do this?

Yes, telcos do this, but they (used) to have the same problem we all
have in the ISP world, in that your average DMS-100 voice switch is
optimized for call processing, not for call-detail searches.

Your average call-detail search used to take 1-2 hours for a 5 minute
window.  (I say "used to" as the SS7 STP processors now do the
call-detail recording, and call lookups are a matter of keystrokes and
seconds away.)

Router mfgrs are still in the stages of switching packets as fast as
they can, not detail management.  And of course, none of us want to
drop our routers down to process switching to track packets.

Or if your answer is that telcos only do it for the police and not for
each other, then my question would be why can't we form an Internet
equivalent, maybe affiliated with something like CERT, that can make these
requests and with whom NSP's would cooperate.

Telco call-detail lookups for law enforcement constitute <-.01% of those
lookups (I did work at MCI's Western Region Net Mgt center).  All the
other lookups are for maint purposes (like finding marginal trunks,
tracking call patterns, making sure routing databases are working right,
etc).  

It's obviously going to be different in our case.

      rob.
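
The leg-by-leg traceback described at the top of this message, automated over per-link counters, as an added example that is not part of the original thread. Router names, interface names, rates and the threshold are constructed assumptions; the trace follows abnormal ingress rates rather than the (forged) source address, and reports where it stops when a leg has no monitoring.

```python
# Constructed sample data: ICMP echo-request rates (packets/s) per interface,
# as a monitoring probe on each leg might report them. All names are
# hypothetical. "peer" is the router on the far side of the link, or None
# when the interface faces a customer port.
LEGS = {
    "r-victim": {"ge0": {"pps": 4800, "peer": "r-core1"},
                 "ge1": {"pps": 3, "peer": "r-core2"}},
    "r-core1": {"ge0": {"pps": 5, "peer": "r-core2"},
                "ge1": {"pps": 4790, "peer": "r-peerA"}},
    "r-core2": {"ge0": {"pps": 2, "peer": None}},
    "r-peerA": {"ge0": {"pps": 4785, "peer": None},
                "ge1": {"pps": 1, "peer": None}},
}


def trace_flood(legs, start, threshold_pps=1000):
    """Walk upstream from `start`, one leg at a time.

    Returns a list of (path, outcome). path is the list of (router, interface)
    legs carrying the flood. outcome is "ingress" when the flood enters on a
    customer-facing port, "unmonitored:<router>" when the next router has no
    probe data, or "lost:<router>" when no interface exceeds the threshold.
    """
    results, stack, seen = [], [(start, [])], set()
    while stack:
        router, path = stack.pop()
        if router in seen:          # guard against looping topologies
            continue
        seen.add(router)
        if router not in legs:      # no monitoring on this leg yet
            results.append((path, "unmonitored:" + router))
            continue
        hot = [(name, data) for name, data in sorted(legs[router].items())
               if data["pps"] >= threshold_pps]
        if not hot:                 # flood rate vanished at this hop
            results.append((path, "lost:" + router))
            continue
        for iface, data in hot:     # several hot legs means several sources
            hop = path + [(router, iface)]
            if data["peer"] is None:
                results.append((hop, "ingress"))
            else:
                stack.append((data["peer"], hop))
    return results


if __name__ == "__main__":
    for path, outcome in trace_flood(LEGS, "r-victim"):
        print(" <- ".join(f"{r}:{i}" for r, i in path), "=>", outcome)
```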
