[28687] in North American Network Operators' Group
Re: New Internet-draft on DDOS defense...
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri May 12 11:11:18 2000
Date: Fri, 12 May 2000 08:08:38 -0700
From: owen@dixon.delong.sj.ca.us (Owen DeLong)
Message-Id: <200005121508.IAA14283@irkutsk.delong.sj.ca.us>
To: bross@netrail.net, smb@research.att.com
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
> >On Thu, 11 May 2000, Owen DeLong wrote:
> >
> >> Right answer, wrong reason. The originating host will be easy to identify
> >> because the MAC address of the originating machine of the ECHO-REQUEST
> >> packets will be contained in the packets.
> >
> >I have to strongly disagree, MAC addresses don't make it across router
> >boundaries, source IP addresses do.
>
> Besides, MAC addresses are quite often changeable.
Source IPs are even easier to modify than source MAC addresses. However,
at least on a switched LAN, most switches provide some way to show the
MAC forwarding table. As such, you can at least isolate which port
the packets are originating from.
Owen
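
Added example, not part of the original message or thread: a Python sketch of the port-isolation step discussed above, matching the source MACs of captured echo-requests against a switch's MAC forwarding table. The table layout, port names, uplink set and every address are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: forwarding table in a "vlan mac type port" layout (assumed format).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.5e00.5302    DYNAMIC     Fa0/7
  10    0000.5e00.53fe    DYNAMIC     Gi0/1
"""
UPLINKS = {"Gi0/1"}  # assumed: ports facing a router or another switch

# Constructed sample: (source MAC, source IP) of echo-requests captured on the LAN.
FRAMES = [
    ("00:00:5e:00:53:02", "192.0.2.10"),
    ("00:00:5e:00:53:02", "198.51.100.77"),
    ("00:00:5e:00:53:02", "203.0.113.5"),
    ("00:00:5e:00:53:fe", "192.0.2.44"),
    ("00:00:5e:00:53:99", "192.0.2.45"),
]

def norm(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Return {mac: port}, skipping header and separator lines."""
    rows = (line.split() for line in text.splitlines())
    return {norm(r[1]): r[3] for r in rows if len(r) == 4 and r[0].isdigit()}

def locate(frames, table, uplinks):
    """Map each source MAC to (port, frames seen, distinct source IPs, note)."""
    seen = defaultdict(list)
    for mac, ip in frames:
        seen[norm(mac)].append(ip)
    result = {}
    for mac, ips in seen.items():
        port = table.get(mac)
        if port is None:
            note = "not in table: aged out or on another VLAN"
        elif port in uplinks:
            note = "uplink: source is beyond this switch"
        else:
            note = "access port: host is attached here"
        result[mac] = (port, len(ips), len(set(ips)), note)
    return result
```

Calling `locate(FRAMES, parse_table(MAC_TABLE), UPLINKS)` returns one row per source MAC; a MAC that shows several source IPs on a single access port is the case where the forwarding table narrows the search to one port even though the IP addresses vary.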