Ping flooding (fwd)
Michael Dillon
michael at memra.com
Tue Jul 9 02:07:13 UTC 1996
On Mon, 8 Jul 1996, George Eddy wrote:
> yes, forging a ping attack is pretty easy and can be done from
> anywhere with any source address (of course, who knows where the
> responses will end up), the routing proximity is irrelavant, since the
> source is not looked at (unless filters have been put in place, such
> as what the upstream provider has apparently done).
>
> the only _I can think of_ in tracking it down, would be to backtrack
> the possible paths into the router. either by sniffing the possible
> lines coming into router, or by temporarily disabling icmp echo reqs.
> from all but one incoming line, until you've found the offending line,
> continuing back.
>
> of course this may be impossible in many cases since you probably
> don't have access to the equipment (or cooperation) outside of your
> domain.
OK. So what if somebody is currently planning a ping battle on the global
Internet, kind of like corewars in the netwrk. Then what? Do the NSP's all
roll over and play dead?
If I were to crosspost this reply to alt.2600 it wouldn't take long to
happen you know. BTW, I won't be crossposting it there, but you get the
idea, security by obscurity, etc...
Is anyone working on tools to help NSP's quickly backtrack this kind of
thing?
Michael Dillon ISP & Internet Consulting
Memra Software Inc. Fax: +1-604-546-3049
http://www.memra.com E-mail: michael at memra.com
More information about the NANOG
mailing list