[4451] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 17 00:47:51 1996
To: Paul A Vixie <paul@vix.com>
cc: "Kent W. England" <kwe@6sigmanets.com>, nanog@merit.edu, iepg@iepg.org
In-reply-to: Your message of "Mon, 16 Sep 1996 21:11:06 PDT."
<9609170411.AA12659@wisdom.home.vix.com>
Reply-To: perry@piermont.com
Date: Tue, 17 Sep 1996 00:42:34 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Paul A Vixie writes:
> looks like the cisco access-list debugger doesn't show enough detail.
> as soon as the path to the attacker crosses a MAE, you need to know the
> source MAC level address of the router that's splattering you.
The ability to record a couple of minutes of packets, complete with
MAC layer data, and examine the packets post mortem, is really
important for this kind of work. tcpdump lets you do that and
more. Cisco stuff isn't really in that league, though as I said its
better than nothing.
Perry
