[11857] in North American Network Operators' Group
Re: ICMP Attacks???????
daemon@ATHENA.MIT.EDU (Josh Beck)
Fri Aug 15 15:16:13 1997
Date: Fri, 15 Aug 1997 12:09:32 -0700 (PDT)
From: Josh Beck <jbeck@connectnet.com>
To: "Perry E. Metzger" <perry@piermont.com>
cc: Michael Dillon <michael@priori.net>, nanog@merit.edu
In-Reply-To: <199708151903.PAA17132@jekyll.piermont.com>
> ICMP is only one of a dozen ways to attack people. There is no point
> in specially targeting ICMP.

Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
random-source-address ICMP packets, for instance, a 20 second sample of a
busy interface can provide enough information to trace this (with hardware
addresses). And this is something that can be done right away.

> In my opinion, the only long term solution here is software that is
> "smart" about tracebacks -- that is, can be directed in real time to
> log certain classes of traffic.

It would be nice, but for now logging the hardware addresses along
with the IP addresses would be cool.

Josh Beck jbeck@connectnet.com
----------------------------------------------------------------------
CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208 San Diego, CA 92121
----------------------------------------------------------------------
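
Added example, not part of the original message: a sketch of the short-sample trace described above, grouping ICMP packets in a capture by source hardware address so the adjacent device delivering random-source traffic stands out. The frame builder, the sample frames, the MAC and IP values, and the min_sources threshold are all constructed assumptions.

```python
import struct
from collections import defaultdict

ETH_IPV4 = 0x0800
PROTO_ICMP = 1

def parse_frame(frame):
    """Return (src_mac, src_ip, ip_proto) for an Ethernet II/IPv4 frame, else None."""
    if len(frame) < 34:  # 14-byte Ethernet header + 20-byte minimum IPv4 header
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_IPV4 or frame[14] >> 4 != 4:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    src_ip = ".".join(str(b) for b in frame[26:30])
    return src_mac, src_ip, frame[23]  # frame[23] is the IPv4 protocol field

def icmp_sources_by_mac(frames):
    """Map each source hardware address to the set of ICMP source IPs seen behind it."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed and parsed[2] == PROTO_ICMP:
            seen[parsed[0]].add(parsed[1])
    return dict(seen)

def suspect_macs(frames, min_sources=3):
    """Hardware addresses sending ICMP from at least min_sources distinct source IPs."""
    by_mac = icmp_sources_by_mac(frames)
    return sorted(mac for mac, ips in by_mac.items() if len(ips) >= min_sources)

def make_frame(src_mac, src_ip, proto):
    """Build a constructed header-only Ethernet/IPv4 frame for the sample below."""
    eth = bytes.fromhex("02" * 6) + bytes.fromhex(src_mac.replace(":", ""))
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes([192, 0, 2, 10]))
    return eth + ip

# Constructed sample: one neighbor emits ICMP from many source IPs, another from one.
SAMPLE = [make_frame("02:00:00:00:00:aa", f"198.51.100.{i}", PROTO_ICMP)
          for i in (7, 91, 133, 201, 250)]
SAMPLE += [make_frame("02:00:00:00:00:bb", "192.0.2.77", PROTO_ICMP)] * 4
SAMPLE += [make_frame("02:00:00:00:00:bb", f"203.0.113.{i}", 6) for i in (1, 2, 3)]  # TCP

if __name__ == "__main__":
    for mac, ips in sorted(icmp_sources_by_mac(SAMPLE).items()):
        print(mac, len(ips), "distinct ICMP source IPs")
```

On a transit interface a neighbor legitimately forwards many source addresses, so the threshold only ranks candidates; the hardware address tells you which adjacent device to continue the trace on.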