Ping flooding (fwd)

David R. Conrad davidc at
Tue Jul 9 02:57:23 UTC 1996


>yes, forging a ping attack is pretty easy and can be done from
>anywhere with any source address

Yeah, but forging TCP syn attacks are more fun (fill up those TCBs).
Denial of service attacks are a real pain, particularly as they are so
easy to implement and so hard to defend against.  Of course, this
isn't limited to the Internet (as a person who has been victimized by
a rapid redailing fax machine at 4:00 AM can attest).

>the routing proximity is irrelavant, since the
>source is not looked at (unless filters have been put in place, such
>as what the upstream provider has apparently done).

About the only way you can stop this attack would be for ISPs to
filter out bogus source addresses from their customers.  Of course,
then the mobile IP people would whine.  However, given a future of
more attacks of this nature, I think the mobile IP people are going to


More information about the NANOG mailing list