[3363] in North American Network Operators' Group
Re: Ping flooding (fwd)
daemon@ATHENA.MIT.EDU (Jordy)
Tue Jul 9 04:28:40 1996
Date: Mon, 8 Jul 1996 22:21:49 -1000 (HST)
From: Jordy <jordy@thirdwave.net>
To: Michael Dillon <michael@memra.com>
cc: nanog@merit.edu
In-Reply-To: <Pine.BSI.3.93.960708162219.22916W-100000@sidhe.memra.com>
On Mon, 8 Jul 1996, Michael Dillon wrote:
> Are there any procedures in place to track down this kind of network
> abuse. In particular, is it possible that it is a stealth attack?
> Before you answer, take note that this is going to appear in Bob
> Metcalfe's column next week.
you can easily forge the header on an ICMP packet to make it look like it
came from any address you wish, to my knowledge, there really isn't a way
you can track down.
Denial of Service attacks like these are becoming common place, the only
real course of action is to firewall, unfortunatly, they can just spoof
from another source address.
> Is it possible for someone to forged the source IP address of an icmp
> packet?
yes
