[4449] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 17 00:45:24 1996

To: "Craig A. Huegen" <c-huegen@quad.quadrunner.com>
cc: Paul A Vixie <paul@vix.com>, nanog@merit.edu, iepg@iepg.org
In-reply-to: Your message of "Mon, 16 Sep 1996 21:08:17 PDT."
             <Pine.QUAD.3.94.960916205808.612D-100000@quad.quadrunner.com> 
Reply-To: perry@piermont.com
Date: Tue, 17 Sep 1996 00:39:23 -0400
From: "Perry E. Metzger" <perry@piermont.com>


"Craig A. Huegen" writes:
> ==>If Cisco routers had TCPDUMP capability this would be a lot simpler.  If
> ==>all the routers in the universe had TCPDUMP, and all the router operators
> ==>had eachother's phone numbers, we could track this to the source in less
> ==>than five minutes.  Alas, the misfit teenagers of the underworld have
> ==>caught us without any of the tools we need be able to track this down.
> 
> cisco routers do have tcpdump capability.

Not really. You can dump packets, but you can't do what you really
need to do, which is snapshot all the packets in a binary format with
microsecond timestamps and then run BPF style filters over them to
isolate small sections of the traffic you are interested in. If you
can't run automated tools over the raw packets it's hard to catch some
of the needed subtleties.

Of course, what you have is indeed better than nothing.

Perry
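
The workflow Perry describes (a binary capture with microsecond timestamps, then a BPF-style filter run over it to pull out the small slice of traffic that matters) as an added example; this is not code from the original post or from any of the participants. It writes and reads the standard libpcap file format with the standard library only, and the capture it operates on is constructed inline: one legitimate handshake followed by five SYN-only segments from different sources, the shape of the SYN flood under discussion. The victim address 192.0.2.10 and the source addresses are documentation-range placeholders, not Panix's real hosts.

```python
import struct

# libpcap file-format constants (standard values; 0xa1b2c3d4 marks microsecond timestamps)
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
TARGET_IP = "192.0.2.10"   # hypothetical victim host, not Panix's real address
TARGET_PORT = 25


def _ip(a):
    return bytes(int(x) for x in a.split("."))


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                          # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip(src_ip), _ip(dst_ip))
    return eth + ip + tcp


def write_pcap(records):
    """Serialize (ts_sec, ts_usec, frame) tuples as a libpcap byte string."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (timestamp_in_microseconds, frame) from a libpcap byte string."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield sec * 1_000_000 + usec, data[off:off + incl]
        off += incl


def decode(frame):
    """Return (src_ip, dst_ip, sport, dport, tcp_flags), or None if not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    t = 14 + ihl                                              # start of TCP header
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    return src, dst, sport, dport, frame[t + 13]              # frame[t+13] is tcp[13]


def is_syn_only(flags):
    """Same test as the BPF expression 'tcp[13] & 0x12 == 0x02': SYN set, ACK clear."""
    return flags & 0x12 == 0x02


def syn_summary(data, dst_ip, dport):
    """Isolate SYN-only segments to dst_ip:dport and report count, sources, span and rate."""
    hits = [(ts, p[0]) for ts, f in read_pcap(data)
            if (p := decode(f)) and p[1] == dst_ip and p[3] == dport and is_syn_only(p[4])]
    span_us = hits[-1][0] - hits[0][0] if hits else 0
    return {
        "count": len(hits),
        "sources": sorted({src for _, src in hits}),
        "span_us": span_us,
        "per_second": len(hits) * 1e6 / span_us if span_us else 0.0,
    }


# Constructed sample capture: one legitimate handshake, then five SYNs from
# distinct sources 200 microseconds apart. Not real traffic.
T0 = 842_934_000  # arbitrary epoch seconds in September 1996
SAMPLE_RECORDS = [
    (T0, 100, build_frame("10.0.0.5", TARGET_IP, 40000, TARGET_PORT, 0x02)),   # SYN
    (T0, 150, build_frame(TARGET_IP, "10.0.0.5", TARGET_PORT, 40000, 0x12)),   # SYN/ACK
    (T0, 220, build_frame("10.0.0.5", TARGET_IP, 40000, TARGET_PORT, 0x10)),   # ACK
] + [
    (T0, 1000 + i * 200, build_frame(f"198.51.100.{i}", TARGET_IP, 1024 + i, TARGET_PORT, 0x02))
    for i in range(5)
]

if __name__ == "__main__":
    capture = write_pcap(SAMPLE_RECORDS)
    print(syn_summary(capture, TARGET_IP, TARGET_PORT))
```

The file `write_pcap` produces is what `tcpdump -w capture.pcap` writes, and the selection `syn_summary` makes is what `tcpdump -r capture.pcap 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst host 192.0.2.10 and dst port 25'` would print. The point of keeping the raw capture is visible in the result: the per-source list shows whether the SYNs come from one host or from many (spoofed) addresses, and the microsecond span gives the arrival rate, neither of which a router's per-packet debug output lets you compute after the fact.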
