[11856] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Dan Merillat)
Fri Aug 15 15:14:35 1997
To: Josh Beck <jbeck@connectnet.com>
cc: Michael Dillon <michael@priori.net>, nanog@merit.edu
Date: Fri, 15 Aug 1997 15:09:50 -0400
From: Dan Merillat <dan@merillat.org>
Josh Beck writes:
> I think it's critical that routers be capable of logging the
> hardware addresses of ICMP, along with source addresses, so that these
> attacks can be traced across shared media at exchanges. As it is now, it's
> hard enough to trace it back across a backbone, but if it crosses a MAE,
> it's perfectly anonymous unless new techniques are around that we aren't
> aware of.
and TCP (Syn flooding) and UDP (pepsi.c)...
an IOS port of tcpdump would probably make it a lot simpler.
--Dan
