[11849] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Network Admin Account)
Fri Aug 15 13:04:32 1997
Date: Fri, 15 Aug 1997 12:56:39 -0400 (EDT)
From: Network Admin Account <nacr@gate.net>
To: Alex Rubenstein <alex@nac.net>
cc: nanog@merit.edu
In-Reply-To: <Pine.BSI.3.96.970815114505.17642C-100000@duncan.nac.net>
Does anyone have any ideas from where its coming from???? We have had no
luck with this at all????
On Fri, 15 Aug 1997, Alex Rubenstein wrote:
>
> Yes. It was interesting. My understanding is that what I am about to tell
> you is old news, but here:
>
> Attacker sends a packet with a source address of the victim, with a dest
> address to the broadcast of a (pick any) network. Every machine on the
> network will then respond with a ICMP reply to the 'source' (the victim).
>
> My understanding is that a 28.8 users could easily fill a T1 (or more)
> with this method. We have no proof, but someone did this to us from what
> appears to be a ISDN account from PSI, and filled 6 - 7 mb/s of our
> Ethernet genuity connection in doing so. It was *not* cool.
>
>
> On Fri, 15 Aug 1997, Network Admin Account wrote:
>
> >
> > Has anyone been resently attacked by massive flood pings?????? We are
> > trying to locate any other ISP's or anyone else having the same problem.
> >
> >
>
