ICMP Attacks???????

Josh Beck jbeck at connectnet.com
Fri Aug 15 19:09:32 UTC 1997

> ICMP is only one of a dozen ways to attack people. There is no point
> in specially targetting ICMP.

Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
random source addresses ICMP packets for instance, a 20 second sample of a
busy interface can provide enough information to trace this (with hardware
addresses). And this is something that can be done right away. 

> In my opinion, the only long term solution here is software that is
> "smart" about tracebacks -- that is, can be directed in real time to
> log certain classes of traffic.

	It would be nice, but for now logging the hardware addresses along
with the ip addresses would be cool.

Josh Beck                                         jbeck at connectnet.com
CONNECTNet INS, Inc.      Phone: (619)450-0254      Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208                       San Diego, CA 92121

More information about the NANOG mailing list