New Denial of Service Attack on Panix
Craig A. Huegen
c-huegen at quad.quadrunner.com
Tue Sep 17 05:53:21 UTC 1996

On Mon, 16 Sep 1996, Paul A Vixie wrote:

==>looks like the cisco access-list debugger doesn't show enough detail.
==>as soon as the path to the attacker crosses a MAE, you need to know the
==>source MAC level address of the router that's splattering you.

Paul is correct; I left out the caveat that you have to go "hunting" once
you get to a multi-access media network.

However, a good tool at this point becomes the monitor option/port found
on certain switches which will redirect traffic bound for a certain port
to also appear on the monitor port for sniffing. I don't know if the
GIGAswitches have such a monitoring option or port; if so, cooperation
from the various IXP operators would be a great help in determining the
hop.

(I also think implementing a MAC-level packet debug would be very
beneficial to help find culprits in this case, not to mention help
troubleshoot other problems).

/cah
----
Craig A. Huegen CCIE #2100 || ||
Network Analyst, IS-Network/Telecom || ||
cisco Systems, Inc., 250 West Tasman Drive |||| ||||
San Jose, CA 95134, (408) 526-8104 ..:||||||:..:||||||:..
email: chuegen at cisco.com c i s c o S y s t e m s
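
The hop-finding step discussed in the message above, as an added example that is not part of the original post or any Cisco tooling: given frames mirrored from a switch monitor port, count the frames bound for the victim by source MAC, since on a shared exchange segment only the layer-2 source shows which router delivered them. The peer table, addresses and sample frames are constructed, and the code assumes untagged Ethernet II carrying IPv4 and that the IP source address cannot be trusted.

```python
import socket
import struct
from collections import Counter

# Hypothetical MAC-to-peer table for the routers on the exchange LAN
# (constructed values; in practice supplied by the exchange operator).
PEER_MACS = {"02:00:00:00:00:0a": "peer-A", "02:00:00:00:00:0b": "peer-B"}

def parse_frame(frame):
    """Return (src_mac, src_ip, dst_ip) for an untagged Ethernet II IPv4 frame, else None."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 header
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None                          # not IPv4 (ARP, 802.1Q-tagged, ...)
    src_ip = socket.inet_ntoa(frame[26:30])
    dst_ip = socket.inet_ntoa(frame[30:34])
    return ":".join(f"{b:02x}" for b in src_mac), src_ip, dst_ip

def tally_upstream(frames, victim_ip):
    """Count frames bound for victim_ip per source MAC, busiest first."""
    counts = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        # The IP source (parsed[1]) is ignored on purpose: only the MAC is keyed on.
        if parsed and parsed[2] == victim_ip:
            counts[parsed[0]] += 1
    return [(mac, PEER_MACS.get(mac, "unknown"), n) for mac, n in counts.most_common()]

def make_frame(src_mac, src_ip, dst_ip, ethertype=0x0800):
    """Build a constructed sample frame: Ethernet header plus a bare IPv4 header."""
    eth = bytes.fromhex("0200000000ff" + src_mac.replace(":", "")) + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

VICTIM = "192.0.2.10"                        # constructed (documentation range)
SAMPLE = [                                   # constructed capture, not real traffic
    make_frame("02:00:00:00:00:0a", "198.51.100.7", VICTIM),
    make_frame("02:00:00:00:00:0a", "203.0.113.44", VICTIM),
    make_frame("02:00:00:00:00:0a", "198.51.100.200", VICTIM),
    make_frame("02:00:00:00:00:0b", "203.0.113.9", VICTIM),
    make_frame("02:00:00:00:00:0b", "203.0.113.9", "192.0.2.77"),
    make_frame("02:00:00:00:00:0b", "203.0.113.9", VICTIM, ethertype=0x0806),
]

if __name__ == "__main__":
    for mac, peer, n in tally_upstream(SAMPLE, VICTIM):
        print(f"{mac}  {peer:8}  {n} frames to {VICTIM}")
```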