ICMP Attacks???????

Josh Beck jbeck at connectnet.com
Fri Aug 15 19:09:32 UTC 1997


> ICMP is only one of a dozen ways to attack people. There is no point
> in specially targeting ICMP.

Of course... so you have the capability to turn on logging for certain
protocols or interfaces or whatever for a short time. If someone is seeing
ICMP packets with random source addresses, for instance, a 20 second sample
of a busy interface can provide enough information to trace this (with
hardware addresses). And this is something that can be done right away.

> In my opinion, the only long term solution here is software that is
> "smart" about tracebacks -- that is, can be directed in real time to
> log certain classes of traffic.

It would be nice, but for now logging the hardware addresses along
with the IP addresses would be cool.

Josh Beck                                         jbeck at connectnet.com
----------------------------------------------------------------------
CONNECTNet INS, Inc.      Phone: (619)450-0254      Fax: (619)450-3216
6370 Lusk Blvd., Suite F-208                       San Diego, CA 92121
----------------------------------------------------------------------
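
The trace described in the message above (a short sample of a busy interface, logged with hardware addresses alongside the IP addresses), as an added example that is not part of the original post. The capture lines are constructed in the style of `tcpdump -e -n` output, and the function names, victim address and `min_sources` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -e -n` output (link-level
# header first). Addresses come from documentation ranges; not real traffic.
SAMPLE = """\
19:09:01.000101 00:00:5e:00:53:01 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 203.0.113.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
19:09:01.000207 00:00:5e:00:53:01 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 198.51.100.91 > 192.0.2.10: ICMP echo request, id 1, seq 2, length 64
19:09:01.000313 00:00:5e:00:53:02 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 198.51.100.5 > 192.0.2.10: ICMP echo request, id 9, seq 1, length 64
19:09:01.000420 00:00:5e:00:53:01 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 203.0.113.200 > 192.0.2.10: ICMP echo request, id 1, seq 3, length 64
19:09:01.000533 00:00:5e:00:53:03 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 74: 203.0.113.50.40112 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
19:09:01.000641 00:00:5e:00:53:01 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 198.51.100.33 > 192.0.2.10: ICMP echo request, id 1, seq 4, length 64
19:09:02.000313 00:00:5e:00:53:02 > 00:00:5e:00:53:ff, ethertype IPv4 (0x0800), length 98: 198.51.100.5 > 192.0.2.10: ICMP echo request, id 9, seq 2, length 64
"""

# Source MAC, destination MAC, then the IPv4 source/destination of an ICMP
# packet. TCP/UDP lines carry a port suffix on the address and do not match.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+) > (?P<dip>\d+\.\d+\.\d+\.\d+): ICMP "
)


def trace_by_mac(text, victim):
    """Map each source hardware address to the set of source IPs it
    delivered in ICMP packets addressed to `victim`."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m["dip"] == victim:
            seen[m["smac"]].add(m["sip"])
    return seen


def suspects(text, victim, min_sources=3):
    """Hardware addresses that delivered ICMP from at least `min_sources`
    distinct source IPs, busiest first. The threshold is an assumption."""
    hits = [(mac, len(ips)) for mac, ips in trace_by_mac(text, victim).items()
            if len(ips) >= min_sources]
    return sorted(hits, key=lambda item: -item[1])


if __name__ == "__main__":
    for mac, count in suspects(SAMPLE, "192.0.2.10"):
        print(f"{mac} delivered ICMP from {count} distinct source addresses")
```

The source IP addresses in such a flood say nothing about origin, but the source hardware address on the shared segment identifies the neighbouring device the packets entered through, which is the next hop to ask.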