Ping flooding (fwd)

Curtis Villamizar curtis at
Wed Jul 10 00:30:05 UTC 1996

In message <199607092210.MAA09327 at>, Doug Stanfield writes:
> These garbage packets are flooding through somebodies network to get to the
> target.  I'd think it would benefit the intervening operators to eliminate
> traffic tthat is harmful, probably illegal, and wasting the resource they
> sell, bandwidth.
> Doug Stanfield          "The significant problems we face cannot be solved
> Oceanic Cable            at the same level of thinking we were at when we
> Project Engineer         created them."  - Albert Einstein 
> dougs at        (808) 625-8455   fax (808) 625-5888

If the traffic passes through ANS, call the NOC or send e-mail to
trouble at  We can generally tell you where the traffic came
into ANS, even after the fact.  You then go to the next NOC down the
line.  Repeat until completed.

No it isn't automated and brief attacks would be tough but that the
state of things and it has been sufficient.  You typically need to go
through one or two providers and then a site or campus and maybe
department before getting to the source machine.

I've only been rarely and mostly peripherally involved in followup but
I do remember a number of other providers being extremely cooperative
to the point of physically moving workstations to act as sniffers,
though they did need to set up monitoring to trace things further.

I seem to remember a number of cases that were traced as being
recurring cases of badly broken software rather than attacks, like
boxes that didn't like multicast and crashed and spewed garbage.  This
latest incident could be the same.


More information about the NANOG mailing list