[11866] in North American Network Operators' Group


Re: ICMP Attacks???????

daemon@ATHENA.MIT.EDU (David Ross)
Sun Aug 17 01:23:26 1997

To: "Alex.Bligh" <amb@xara.net>
cc: danny@genuity.net, Josh Beck <jbeck@connectnet.com>,
        "Perry E. Metzger" <perry@piermont.com>, alex@nac.net,
        Michael Dillon <michael@priori.net>, nanog@merit.edu
In-reply-to: Your message of "Sat, 16 Aug 1997 10:01:28 BST."
             <199708160901.KAA04551@diamond.xara.net> 
Date: Sat, 16 Aug 1997 22:06:13 -0700
From: David Ross <ross@rce.com>


"Alex.Bligh" writes:
 > danny@genuity.net said:
 > 
 > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
 > > 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 1 packet
 > 
 > I'm pretty sure this is a new feature. Wow. Useful. That's exactly
 > what I wanted. Given you are doing this I take it it's in 11.1.11CA1.
 > 
 > > Hope I haven't overlooked something obvious here .. but I'm sure that
 > > if I did someone will "enlighten" me ;-)  Of course, the one obvious
 > > thing I didn't mention is that if everyone were to deploy ingress
 > > filtering, this would be much, much easier to control.
 > 
 > The other nice solution would be an inverse traceroute that went
 > back to each router in turn, passing it a bit of BPF saying "where
 > are you getting packets like this from please?". If such a protocol
 > existed, this would allow trace back to source (or at least trace
 > back to the point where the protocol wasn't supported) which would
 > automate most of the tracking and reduce the need to persuade
 > NOCs to cooperate. There are obviously security concerns in allowing
 > 3rd parties to remotely apply packet tracking in your network, but
 > I'm sure with a cold flannel applied to forehead these could be
 > worked through. RFC time anyone?
 > 
 > Alex Bligh
 > Xara Networks
 > 
 > 
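Added example, not part of the original message and not code from any of the posters: a small parser for the access-list log format quoted above that totals packets per input interface and previous-hop MAC address, the two fields that say which neighbor to follow next when tracing back. The first sample entry is the line from the message (still mail-quoted and wrapped); the other two entries and the function names are constructed for illustration.

```python
import re
from collections import Counter

# First entry: the log line from the message, still mail-quoted and wrapped.
# The other two entries are constructed for illustration.
SAMPLE = """\
 > > Aug 15 20:04:45.087 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp
 > > 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 1 packet
Aug 15 20:04:46.101 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp 1.1.1.1 (Fddi6/0 0060.7017.a188) -> 192.41.177.255 (0/0), 14 packets
Aug 15 20:04:47.230 MST: %SEC-6-IPACCESSLOGDP: list 199 permitted icmp 1.1.1.1 (Fddi6/0 0000.0c00.0001) -> 192.41.177.255 (0/0), 3 packets
"""

# Fields are separated by \s+ so an entry wrapped by a mail client still matches.
ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGDP:\s+list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"\((?P<ifname>\S+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+\((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\),\s+"
    r"(?P<count>\d+)\s+packets?",
    re.IGNORECASE,
)


def parse(text):
    """Return one dict per access-list log entry found in text."""
    flat = re.sub(r"(?m)^[\s>]+", "", text)  # drop mail quote markers and indent
    entries = []
    for m in ENTRY.finditer(flat):
        e = m.groupdict()
        e["count"] = int(e["count"])
        e["mac"] = e["mac"].lower()
        entries.append(e)
    return entries


def ingress_totals(entries, dst):
    """Packets logged toward dst, keyed by (input interface, previous-hop MAC)."""
    totals = Counter()
    for e in entries:
        if e["dst"] == dst:
            totals[(e["ifname"], e["mac"])] += e["count"]
    return totals


if __name__ == "__main__":
    totals = ingress_totals(parse(SAMPLE), "192.41.177.255")
    for (ifname, mac), n in totals.most_common():
        print(f"{n:6d} packets via {ifname} from {mac}")
```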
