[11482] in North American Network Operators' Group
Re: [nsp] known networks for broadcast ping attacks
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Jul 30 17:10:57 1997
Date: Wed, 30 Jul 1997 16:39:31 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: Netstat Webmaster <feh@netstat.net>
Cc: "Alex.Bligh" <amb@xara.net>, cisco-nsp@cic.net, nanog@merit.edu
In-Reply-To: <Pine.BSI.3.91.970730160044.5940A-100000@wwwlab.com>; from Netstat Webmaster <feh@netstat.net> on Wed, Jul 30, 1997 at 04:03:04PM -0400
On Wed, Jul 30, 1997 at 04:03:04PM -0400, Netstat Webmaster wrote:
> On Wed, 30 Jul 1997, Jay R. Ashworth wrote:
> > What he's saying is that someone is mounting broadcast ping flooding
> > attacks with forged source addresses which make them appear to be
> > coming from MAE-East, among other places.
>
> mmmm... no. The forged source address is that of the victim. The listed
> broadcast addresses are the destinations of the packets with the forged
> address of the victim. The broadcast addresses are never forged.
Really?
Hmmm...
In any event, such filtering on the part of IAPs will solve the
problem, mostly.
Cheers,
-- jra
--
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "People propose, science studies, technology
Tampa Bay, Florida          conforms."  -- Dr. Don Norman      +1 813 790 7592
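
The mechanism described in the quoted correction above (echo requests sent to a network's broadcast address, with the victim's address forged as the source), as an added detection example that is not part of the original message: it flags such requests in packet records seen at a site whose subnets could be used as amplifiers. The subnets, addresses and record layout are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the prefixes this site routes (constructed, documentation ranges).
LOCAL_SUBNETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

ICMP_ECHO_REQUEST = 8

# Constructed sample records: (claimed source, destination, ICMP type).
SAMPLE_PACKETS = [
    ("203.0.113.7", "192.0.2.255", 8),     # broadcast of the /24
    ("203.0.113.7", "198.51.100.127", 8),  # broadcast of the /25
    ("203.0.113.7", "192.0.2.0", 8),       # all-zeros form, honoured by old stacks
    ("203.0.113.9", "192.0.2.10", 8),      # ordinary unicast ping
    ("203.0.113.7", "192.0.2.255", 0),     # echo reply, not a request
    ("203.0.113.9", "198.51.100.255", 8),  # outside the routed /25
]


def is_directed_broadcast(dst, subnets=LOCAL_SUBNETS):
    """True if dst is the broadcast (or all-zeros) address of a local subnet."""
    addr = ipaddress.ip_address(dst)
    for net in subnets:
        if net.prefixlen >= 31:  # /31 and /32 have no broadcast address
            continue
        if addr in (net.broadcast_address, net.network_address):
            return True
    return False


def amplifier_hits(packets, subnets=LOCAL_SUBNETS):
    """Count echo requests to local broadcast addresses, per claimed source.

    The claimed source is the forged one, i.e. the host that would receive
    the replies, so the key identifies the victim rather than the sender.
    """
    hits = Counter()
    for src, dst, icmp_type in packets:
        if icmp_type == ICMP_ECHO_REQUEST and is_directed_broadcast(dst, subnets):
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for victim, count in amplifier_hits(SAMPLE_PACKETS).items():
        print(f"{count} broadcast echo requests claiming to come from {victim}")
```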