nanog mailing list archives
Re: ICMP Attacks???????
From: Josh Beck <jbeck () connectnet com>
Date: Fri, 15 Aug 1997 12:09:32 -0700 (PDT)
ICMP is only one of a dozen ways to attack people. There is no point in specially targetting ICMP.
Of course... so you have the capability to turn on logging for certain protocols or interfaces or whatever for a short time. If someone is seeing random source addresses ICMP packets for instance, a 20 second sample of a busy interface can provide enough information to trace this (with hardware addresses). And this is something that can be done right away.
In my opinion, the only long term solution here is software that is "smart" about tracebacks -- that is, can be directed in real time to log certain classes of traffic.
It would be nice, but for now logging the hardware addresses along with the ip addresses would be cool. Josh Beck jbeck () connectnet com ---------------------------------------------------------------------- CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216 6370 Lusk Blvd., Suite F-208 San Diego, CA 92121 ----------------------------------------------------------------------
Current thread:
- [CISCO] directed-broadcast, ip classless Ran Atkinson (Aug 14)
- Re: [CISCO] directed-broadcast, ip classless Josh Beck (Aug 14)
- ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Joe Shaw (Aug 15)
- Re: ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Michael Dillon (Aug 15)
- Re: ICMP Attacks??????? Perry E. Metzger (Aug 15)
- Re: ICMP Attacks??????? Josh Beck (Aug 15)
- Re: ICMP Attacks??????? Perry E. Metzger (Aug 15)
- Re: ICMP Attacks??????? Josh Beck (Aug 15)
- ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: [CISCO] directed-broadcast, ip classless Josh Beck (Aug 14)
- Re: ICMP Attacks??????? Alex "Mr. Worf" Yuriev (Aug 15)
- Re: ICMP Attacks??????? Alex Rubenstein (Aug 15)
- Re: ICMP Attacks??????? Network Admin Account (Aug 15)
- Re: ICMP Attacks??????? Vincent Poy (Aug 15)
- Re: [CISCO] directed-broadcast, ip classless Mark E Larson (Aug 15)
- <Possible follow-ups>
- Re: [CISCO] directed-broadcast, ip classless Jeffrey S. Curtis (Aug 14)
- Message not available
- Re: [CISCO] directed-broadcast, ip classless Ran Atkinson (Aug 14)
- Re: [CISCO] directed-broadcast, ip classless Paul Ferguson (Aug 14)
- Message not available