[11852] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Aug 15 13:48:25 1997
To: Michael Dillon <michael@priori.net>
cc: nanog@merit.edu
In-reply-to: Your message of "Fri, 15 Aug 1997 10:30:11 PDT."
<v03102801b01a3bc4289f@[10.11.12.33]>
Reply-To: perry@piermont.com
Date: Fri, 15 Aug 1997 13:42:31 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Michael Dillon writes:
> >> Has anyone been recently attacked by massive flood pings?????? We are
> >> trying to locate any other ISPs or anyone else having the same problem.
>
> >flooded by the replies. I'd just go to a few of your machines and do a
> >netstat on them, then dump the data to a file and see if you can see where
> >all the ICMP packets are coming from. When you find out, it's time to get
>
> And just how do you identify the source of the ICMP packets when the source
> address is forged?
Trace it back, painfully, hop by hop by hop.
> I'm not sure what can be done to make this easier but I have a few ideas.
I have some too, but this isn't really the forum...
Perry