[11855] in North American Network Operators' Group

Re: ICMP Attacks???????

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Aug 15 15:13:26 1997

To: Josh Beck <jbeck@connectnet.com>
cc: Michael Dillon <michael@priori.net>, nanog@merit.edu
In-reply-to: Your message of "Fri, 15 Aug 1997 11:20:53 PDT."
             <Pine.LNX.3.95q+pgcc+pgp.970815111808.9805D-100000@brap.connectnet.com> 
Reply-To: perry@piermont.com
Date: Fri, 15 Aug 1997 15:03:24 -0400
From: "Perry E. Metzger" <perry@piermont.com>


Josh Beck writes:
> 	I think it's critical that routers be capable of logging the
> hardware addresses of ICMP, along with source addresses, so that these
> attacks can be traced across shared media at exchanges.

ICMP is only one of a dozen ways to attack people. There is no point
in specially targeting ICMP.

Unfortunately, it is, in practice, impossible to log ALL the traffic
across a very busy router at an exchange point.

In my opinion, the only long term solution here is software that is
"smart" about tracebacks -- that is, can be directed in real time to
log certain classes of traffic.

Perry
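
An added illustration, not part of the original message or of any router's software: a minimal Python sketch of logging that is directed at run time to one class of traffic and records the source hardware address along with the IP addresses. The class name, rule fields and all addresses are constructed for the example.

```python
import ipaddress
import struct

class SelectiveLogger:
    """Records only frames that match rules installed at run time."""
    def __init__(self):
        self.rules = {}    # rule name -> (IP protocol number, destination network)
        self.records = []  # (rule name, source MAC, source IP, destination IP)

    def add_rule(self, name, proto, dst_net):
        self.rules[name] = (proto, ipaddress.ip_network(dst_net))

    def remove_rule(self, name):
        self.rules.pop(name, None)

    def observe(self, frame):
        """Inspect one Ethernet II frame; log it only if a rule matches."""
        if not self.rules or len(frame) < 34:
            return None  # fast path: nothing requested, or frame too short
        if struct.unpack("!H", frame[12:14])[0] != 0x0800 or frame[14] >> 4 != 4:
            return None  # not IPv4
        proto = frame[23]
        dst_ip = ipaddress.ip_address(frame[30:34])
        for name, (want_proto, net) in self.rules.items():
            if proto == want_proto and dst_ip in net:
                # The source IP may be forged; the MAC identifies the
                # neighbour on the shared medium that handed us the frame.
                src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
                src_ip = ipaddress.ip_address(frame[26:30])
                rec = (name, src_mac, str(src_ip), str(dst_ip))
                self.records.append(rec)
                return rec
        return None

def make_frame(src_mac, src_ip, dst_ip, proto):
    """Build a constructed Ethernet II + 20-byte IPv4 header (checksum left 0)."""
    eth = bytes.fromhex("02aabbccdd01") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

def demo():
    log = SelectiveLogger()
    icmp = make_frame("02deadbeef01", "10.9.9.9", "192.0.2.7", 1)
    tcp = make_frame("02deadbeef02", "198.51.100.4", "192.0.2.7", 6)
    before = log.observe(icmp)                      # no rule yet: not logged
    log.add_rule("victim-icmp", 1, "192.0.2.0/24")  # operator directs logging
    log.observe(icmp)
    log.observe(tcp)                                # other class: not logged
    log.remove_rule("victim-icmp")
    after = log.observe(icmp)                       # rule withdrawn: not logged
    return before, log.records, after
```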