Ping flooding (fwd)

Michael Dillon michael at
Tue Jul 9 02:07:13 UTC 1996

On Mon, 8 Jul 1996, George Eddy wrote:

> yes, forging a ping attack is pretty easy and can be done from
> anywhere with any source address (of course, who knows where the
> responses will end up), the routing proximity is irrelavant, since the
> source is not looked at (unless filters have been put in place, such
> as what the upstream provider has apparently done).
> the only _I can think of_ in tracking it down, would be to backtrack
> the possible paths into the router.  either by sniffing the possible
> lines coming into router, or by temporarily disabling icmp echo reqs.
> from all but one incoming line, until you've found the offending line,
> continuing back.
> of course this may be impossible in many cases since you probably
> don't have access to the equipment (or cooperation) outside of your
> domain. 

OK. So what if somebody is currently planning a ping battle on the global
Internet, kind of like corewars in the netwrk. Then what? Do the NSP's all
roll over and play dead?

If I were to crosspost this reply to alt.2600 it wouldn't take long to
happen you know. BTW, I won't be crossposting it there, but you get the
idea, security by obscurity, etc...

Is anyone working on tools to help NSP's quickly backtrack this kind of

Michael Dillon                                   ISP & Internet Consulting
Memra Software Inc.                                 Fax: +1-604-546-3049                             E-mail: michael at

More information about the NANOG mailing list