Ping flooding (fwd)
Larry J. Plato
ljp at ans.net
Tue Jul 9 08:28:26 UTC 1996
IMHO, there are two seperate issues here.
- better tools would be nice. Although I think tracking packets
would be too CPU intensive for today's routers I do think having
such a feature would be a good thing. The RAM/ROM to hold the extra
microcode is cheap, and if it can be turned off/on at will I see no
harm in having it. When someone will have time to add the code is
a seperate issue.
- why can't my [NSP | TelCo | GME (Godlike Monolithic Entity)] provide
me with data on who is spamming my net. I think that is a seperate
issue. The TELCOs have an advantage here in that it is MUCH harder
to fake caller ID than to fake ICMP headers. I would be willing to bet
that if someone who really knew their way around the SS7 network decided to
make your life difficult Ma Bell would have a hell of a hard time
tracking them down. Most of the TELCO switchmen I have dealt with
could not trace a phone call with any reliability. At this point
it requires a fair amounf of time, from a fair amount of talented
people to track this stuff down. In all the cases I dealt with,
people from many service providers were very cooperative if the
denial of service attack was in progress. After the fact people
seemed to expend effort to the extent they felt they could help.
Which for most people is 0 (after the fact it is pretty hard to
say who denied what to whom with any certainy)
This is the way it is, but not the way it must always be.
Feel free to talk to the router vendor of choice and explain to
them that this functionality is important to you. In the mean
time, I hope you will excuse me while I go off and cope with my
own problems. I honestly wish you the best of luck in your endeavors,
> On Tue, 9 Jul 1996, Nevin Williams wrote:
> > > Why not? Don't telcos do this?
> > > Or if your answer is that telcos only do it for the police and not for
> > > each other, then my question would be why can't we form an Internet
> > > equivalent, maybe affiliated with something like CERT, that can make these
> > > requests and with whom NSP's would cooperate.
> > What sort of incentive or penalty do you think would enable this
> > cooperation?
> Screwed up networks give the whole industry a bad name. It is in everyones
> economic best interests to make the network operate fast and reliably.
> Michael Dillon ISP & Internet Consulting
> Memra Software Inc. Fax: +1-604-546-3049
> http://www.memra.com E-mail: michael at memra.com
More information about the NANOG